CVE-2023-1252: Use After Free in Kernel

CWE-416 Use After Free | 6 documents | 6 sources

Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 93.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 23; Latest update Jul 6

Description

A use-after-free flaw was found in the Linux kernel's Ext4 file system in how a user triggers several file operations simultaneously while overlay FS is in use. This flaw allows a local user to crash the system or potentially escalate their privileges. The kernel is affected only if patch 9a2544037600 ("ovl: fix use after free in struct ovl_aio_req") has not yet been applied.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (10 packages)

Source     | Package              | Affected versions
NVD        | linux/linux_kernel   | 5.6 to 5.10.80 (+2 more)
Debian     | linux/linux_kernel   | < 5.10.84-1 (+3 more)
CVEListV5  | linux/linux_kernel   | Linux kernel 5.16-rc1
debian     | debian/linux         | < linux 5.15.3-3 (bookworm)

Vulnerability Details (2)

GHSA: GHSA-225p-3jp7-q6p8: A use-after-free flaw was found in the Linux kernel's Ext4 File System in how a user triggers several file operations simultaneously with the overlay ... (2023-07-06)
OSV: CVE-2023-1252: A use-after-free flaw was found in the Linux kernel's Ext4 File System in how a user triggers several file operations simultaneously with the overlay ... (2023-03-23)

Vendor Advisories (3)

Microsoft: A use-after-free flaw was found in the Linux kernel's Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash o... (2023-03-14)
Debian: CVE-2023-1252: linux - A use-after-free flaw was found in the Linux kernel's Ext4 File System in how a ... (2023)
Red Hat: kernel: ovl: fix use after free in struct ovl_aio_req (2021-11-15)
CVE-2023-1252 — Use After Free in Linux Kernel | cvebase