CVE-2023-4622: A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage()…

high7CVSS 3.1

AVLACHPRLUINSUCHIHAH

A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.

Affected

23 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	linux	< linux 6.1.52-1 (bookworm)	linux 6.1.52-1 (bookworm)
google	android	—	—
google	chrome_chrome	—	—
linux	kernel	>= 4.2 < 6.1.47	6.1.47
linux	linux_kernel	>= 0 < 5.10.197-1	5.10.197-1
linux	linux_kernel	>= 0 < 6.1.52-1	6.1.52-1
linux	linux_kernel	>= 0 < 6.4.13-1	6.4.13-1
linux	linux_kernel	>= 0 < 6.4.13-1	6.4.13-1
linux	linux_kernel	>= 0 < 5.4.0-165.182	5.4.0-165.182
linux	linux_kernel	>= 0 < 5.15.0-87.97	5.15.0-87.97
linux	linux_kernel	>= 0 < 4.4.0-246.280	4.4.0-246.280
linux	linux_kernel	>= 0 < 4.15.0-219.230	4.15.0-219.230
linux	linux_kernel	>= 0 < 5.4.0-165.182	5.4.0-165.182
linux	linux_kernel	>= 0 < 5.15.0-87.97	5.15.0-87.97
linux	linux_kernel	>= 4.2 < 6.1.47	6.1.47
msrc	cbl2_hyperv-daemons_5.15.135.1-1_on_cbl_mariner_2.0	—	—
msrc	cbl2_kernel_5.15.131.1-2_on_cbl_mariner_2.0	—	—
paloalto	pan-os	—	—
ubuntu	linux-gcp-5.15	—	—
ubuntu	linux-gkeop-5.15	—	—
ubuntu	linux-intel-iotg-5.15	—	—

CVSS provenance

nvdv3.17.0HIGHCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

osv7.8HIGH