CVE-2023-2513 — Use After Free in Kernel
Severity: 6.7 MEDIUM (NVD); OSV 4.7
EPSS: 0.0% (top 97.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 8
Latest update: Feb 14
Description
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9
Affected Packages: 4 packages
Also affects: Enterprise Linux 6.0, 7.0, 8.0, 9.0
Patches
Vulnerability Details (4)
GHSA
GHSA-8m42-pwwf-cc8j: A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes (2023-05-08)
CVEList
CVE-2023-2513: A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes (2023-05-08)
OSV
CVE-2023-2513: A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes (2023-05-08)
Vendor Advisories (5)
Microsoft
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to caus... (2023-05-09)
Debian
CVE-2023-2513: linux - A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem i... (2023)