CVE-2023-4394 — Uncontrolled Resource Consumption in Kernel

CWE-400 — Uncontrolled Resource Consumption CWE-416 — Use After Free6 documents6 sources

Severity

6.0MEDIUMNVD

EPSS

0.0%

top 97.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Msrc Cbl2 Kernel 5.15.131.1-2 ON CBL Mariner 2.0

Timeline

PublishedAug 17

Description

A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:HExploitability: 0.8 | Impact: 5.2

Affected Packages4 packages

▶NVDlinux/linux_kernel< 6.0+1

▶Debianlinux/linux_kernel< 5.19.6-1+2

▶msrcmsrc/cbl2_kernel_5.15.131.1-2_on_cbl_mariner_2.0

▶debiandebian/linux< linux 5.19.6-1 (bookworm)

Patches

Patch: bugzilla.redhat.com ↗Patch: patchwork.kernel.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

CVE-2023-4394: A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes↗2023-08-17

▶

GHSA

GHSA-5w86-j94c-54q5: A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes↗2023-08-17

▶

📋Vendor Advisories

Microsoft

Memory leak in btrfs_get_dev_args_from_path()↗2023-08-08

▶

Debian

CVE-2023-4394: linux - A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volu...↗2023

▶

Red Hat

kernel: btrfs: memory leak in btrfs_get_dev_args_from_path()↗2022-08-15

▶