CVE-2023-4611 — Use After Free in Kernel

CWE-416 — Use After Free8 documents8 sources

Severity

6.3MEDIUMNVD

EPSS

0.0%

top 94.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Msrc Cbl2 Kernel 5.15.135.1-2 ON CBL Mariner 2.0

Timeline

PublishedAug 29

Latest updateAug 15

Description

A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.0 | Impact: 5.2

Affected Packages4 packages

▶NVDlinux/linux_kernel< 6.5+1

▶Debianlinux/linux_kernel< 6.4.11-1+1

▶msrcmsrc/cbl2_kernel_5.15.135.1-2_on_cbl_mariner_2.0

▶debiandebian/linux< linux 6.4.11-1 (forky)

Patches

Patch: bugzilla.redhat.com ↗Patch: www.spinics.net ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-95mw-86qw-9v54: A use-after-free flaw was found in mm/mempolicy↗2023-08-30

▶

OSV

CVE-2023-4611: A use-after-free flaw was found in mm/mempolicy↗2023-08-29

▶

📋Vendor Advisories

CISA ICS

Siemens SINEC NMS↗2024-08-15

▶

Microsoft

Use after free race between mbind() and vma-locked page fault↗2023-08-08

▶

Red Hat

kernel: Use after free race between mbind() and VMA-locked page fault↗2023-07-28

▶

Debian

CVE-2023-4611: linux - A use-after-free flaw was found in mm/mempolicy.c in the memory management subsy...↗2023

▶

💬Community

Bugzilla

CVE-2023-4611 kernel: Use after free race between mbind() and VMA-locked page fault↗2023-07-28

▶