CVE-2023-54310
Use-After-Free Race Condition in Linux Kernel mptlan Driver
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a use-after-free bug in the Linux kernel's mptlan driver. It occurs due to a race condition during the driver unload process in the mptlan_remove() function. Specifically, while one CPU is freeing network device memory, another CPU might still be accessing that memory, leading to unsafe use of freed resources. The fix involves ensuring that all related work is completed before the cleanup happens to prevent this race condition.
How can this vulnerability impact me? :
This vulnerability can cause system instability or crashes due to the use-after-free condition in the kernel driver. It may lead to unpredictable behavior or denial of service if the kernel accesses freed memory. However, there is no information about exploitation leading to privilege escalation or data compromise.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is due to a use-after-free bug in the mptlan driver caused by a race condition during driver unload. Immediate mitigation steps include avoiding unloading the mptlan driver until a fixed kernel version is applied. Applying the kernel update that includes the fix for this issue is recommended. Additionally, consider removing or disabling the mptlan driver if it is not needed, as suggested in the description.