A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Fri, 15 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-25T13:23:43.615Z

Reserved: 2023-07-25T17:04:34.810Z

Link: CVE-2023-39198

cve-icon Vulnrichment

Updated: 2024-08-02T18:02:05.368Z

cve-icon NVD

Status : Modified

Published: 2023-11-09T20:15:08.730

Modified: 2024-11-21T08:14:53.863

Link: CVE-2023-39198

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-08-17T00:00:00Z

Links: CVE-2023-39198 - Bugzilla

cve-icon OpenCVE Enrichment

No data.