CVE-2023-37454

Exploit

EPSS 0.01%
Veröffentlicht 06.07.2023 17:15:14
Zuletzt bearbeitet 21.11.2024 08:11:44
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 6.4.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.004

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-37454

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f861765464f43a71462d52026fbddfc858239a5

https://lore.kernel.org/all/00000000000056e02f05dfb6e11a%40google.com/T/

https://syzkaller.appspot.com/bug?extid=26873a72980f8fa8bc55

Third Party Advisory

Exploit

Mailing List

https://syzkaller.appspot.com/bug?extid=60864ed35b1073540d57

Third Party Advisory

Exploit

Mailing List

https://syzkaller.appspot.com/bug?extid=61564e5023b7229ec85d