CVE-2023-2612 — Improper Locking in LTD Ubuntu-linux

CWE-667 — Improper Locking17 documents5 sources

Severity

4.7MEDIUMNVD

CNA4.4

EPSS

0.0%

top 96.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical LTD Ubuntu-linux Linux Kernel Canonical Ubuntu Linux

Timeline

PublishedMay 31

Latest updateJul 27

Description

Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock).

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages2 packages

▶Ubuntulinux/linux_kernel< 5.4.0-150.167+1

▶CVEListV5canonical_ltd/ubuntu-linux< 02b47547824b1cd0d55c6744f91886f04de8947e

Also affects: Ubuntu Linux 20.04, 22.04, 22.10

Patches

Patch: git.launchpad.net ↗Patch: git.launchpad.net ↗

🔴Vulnerability Details

GHSA

GHSA-r34w-xrj9-cpvr: Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some↗2023-05-31

▶

CVEList

shiftfs lock unbalance in Ubuntu-specific kernels↗2023-05-30

▶

OSV

CVE-2023-2612: Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some↗2023-05-30

▶

OSV

linux-oem-6.1 vulnerabilities↗2023-05-30

▶

📋Vendor Advisories

Ubuntu

Linux kernel (IoT) vulnerabilities↗2023-07-27

▶

Ubuntu

Linux kernel (Xilinx ZynqMP) vulnerabilities↗2023-07-12

▶

Ubuntu

Linux kernel vulnerabilities↗2023-06-22

▶

Ubuntu

Kernel Live Patch Security Notice↗2023-06-21

▶

Ubuntu

Linux kernel (Intel IoTG) vulnerabilities↗2023-06-14

▶