CVE-2023-3269StackRot: Use After Free in Kernel

CWE-416Use After Free13 documents10 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 54.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelFedoraproject FedoraRedhat Enterprise Linux
Timeline
PublishedJul 11
Latest updateDec 6

Description

A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDlinux/linux_kernel6.16.1.37+2
Debianlinux/linux_kernel< 6.1.37-1+2

Also affects: Enterprise Linux 6.0, 7.0, 8.0, 9.0, Fedora 37, 38

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

5
OSV
linux-oem-6.1 vulnerabilities2023-07-25
OSV
CVE-2023-3269: A vulnerability exists in the memory management subsystem of the Linux kernel2023-07-11
CVEList
Distros-[dirtyvma] privilege escalation via non-rcu-protected vma traversal2023-07-11
GHSA
GHSA-2j2w-8gvj-wjmj: A vulnerability exists in the memory management subsystem of the Linux kernel2023-07-11
VulnCheck
Linux Kernel Use After Free2023

📋Vendor Advisories

5
Ubuntu
Linux kernel (OEM) vulnerabilities2023-07-25
Ubuntu
Linux kernel vulnerabilities2023-07-25
Microsoft
Distros-[dirtyvma] privilege escalation via non-rcu-protected vma traversal2023-07-11
Red Hat
kernel: distros-[DirtyVMA] Privilege escalation via non-RCU-protected VMA traversal2023-07-05
Debian
CVE-2023-3269: linux - A vulnerability exists in the memory management subsystem of the Linux kernel. T...2023

🕵️Threat Intelligence

2
Securelist
Exploits and vulnerabilities in Q3 20242024-12-06
Securelist
Analyzing the vulnerability landscape in Q3 20242024-12-06
CVE-2023-3269 — StackRot: Use After Free in Kernel | cvebase