CVE-2023-52637 — Use After Free in Linux
Severity
7.8HIGHNVD
OSV7.0OSV6.5OSV5.5
EPSS
0.0%
top 98.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 3
Latest updateAug 14
Description
In the Linux kernel, the following vulnerability has been resolved:
can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)
Lock jsk->sk to prevent UAF when setsockopt(..., SO_J1939_FILTER, ...)
modifies jsk->filters while receiving packets.
Following trace was seen on affected system:
BUG: KASAN: slab-use-after-free in j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]
Read of size 4 at addr ffff888012144014 by task j1939/350
CPU: 0 PID: 350 Comm: j1939 Tainted: G W OE …
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages5 packages
▶CVEListV5linux/linux9d71dd0c70099914fcd063135da3c580865e924c — 08de58abedf6e69396e1207e4f99ef8904b2b532+7
Also affects: Debian Linux 10.0