CVE-2023-45898 — Use After Free in Kernel

CWE-416 — Use After Free14 documents9 sources

Severity

7.8HIGHNVD

OSV6.0OSV5.5

EPSS

0.0%

top 96.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Msrc Cbl2 Kernel 5.15.135.1-2 ON CBL Mariner 2.0

Timeline

PublishedOct 16

Latest updateApr 11

Description

The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDlinux/linux_kernel6.5 — 6.5.4

▶Debianlinux/linux_kernel< 6.5.6-1+1

▶debiandebian/linux< linux 6.5.6-1 (forky)

▶msrcmsrc/cbl2_kernel_5.15.135.1-2_on_cbl_mariner_2.0

Patches

Patch: github.com ↗Patch: lkml.org ↗Patch: www.spinics.net ↗

🔴Vulnerability Details

OSV

linux-azure vulnerabilities↗2024-01-09

▶

OSV

linux-gcp vulnerabilities↗2023-12-06

▶

OSV

linux, linux-aws, linux-laptop, linux-lowlatency, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive vulnerabilities↗2023-12-06

▶

OSV

CVE-2023-45898: The Linux kernel before 6↗2023-10-16

▶

GHSA

GHSA-3x3x-vjcr-56cc: The Linux kernel before 6↗2023-10-16

▶

📋Vendor Advisories

CISA ICS

Siemens SIMATIC S7-1500↗2024-04-11

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2024-01-09

▶

Ubuntu

Linux kernel vulnerabilities↗2023-12-06

▶

Ubuntu

Linux kernel (GCP) vulnerabilities↗2023-12-06

▶

Red Hat

kernel: use-after-free in fs/ext4/extents_status.c↗2023-10-23

▶

💬Community

Bugzilla

CVE-2023-45898 kernel: use-after-free in fs/ext4/extents_status.c↗2023-10-23

▶