CVE-2023-21255Use After Free in Linux

CWE-416Use After FreeCWE-787Out-of-bounds Write33 documents7 sources
Severity
7.8HIGHNVD
OSV6.8OSV6.5
EPSS
0.1%
top 74.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelDebian LinuxGoogle Android+1 more
Timeline
PublishedJul 13
Latest updateJun 13

Description

In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

debiandebian/linux< linux 6.1.37-1 (bookworm)
Debianlinux/linux_kernel< 5.10.191-1+3
Ubuntulinux/linux_kernel< 5.4.0-162.179+1
CVEListV5google/androidAndroid kernel

Also affects: Debian Linux 10.0, 11.0

Patches

Patch: android.googlesource.comPatch: source.android.comPatch: android.googlesource.com

🔴Vulnerability Details

15
OSV
linux-bluefield vulnerabilities2023-09-26
OSV
linux-intel-iotg vulnerabilities2023-09-18
OSV
linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-raspi vulnerabilities2023-09-11
OSV
linux-ibm, linux-ibm-5.4 vulnerabilities2023-09-11
OSV
linux-azure-5.4, linux-gcp-5.4, linux-gkeop, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities2023-09-08

📋Vendor Advisories

17
CISA ICS
Siemens TIM 1531 IRC2024-06-13
CISA ICS
Siemens SCALANCE XCM-/XRM-3002024-02-15
Ubuntu
Linux kernel (BlueField) vulnerabilities2023-09-26
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2023-09-18
Ubuntu
Linux kernel (IBM) vulnerabilities2023-09-11