CVE-2023-37454

Exploit

EPSS 0.01%
Published 06.07.2023 17:15:14
Last modified 21.11.2024 08:11:44
Source cve@mitre.org
CVE-Watchlists
Login
Open
Login

An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 6.4.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.004

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-37454

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f861765464f43a71462d52026fbddfc858239a5

https://lore.kernel.org/all/00000000000056e02f05dfb6e11a%40google.com/T/

https://syzkaller.appspot.com/bug?extid=26873a72980f8fa8bc55

Third Party Advisory

Exploit

Mailing List

https://syzkaller.appspot.com/bug?extid=60864ed35b1073540d57

Third Party Advisory

Exploit

Mailing List

https://syzkaller.appspot.com/bug?extid=61564e5023b7229ec85d