Lucene search

MitreCVE-2023-37454

HistoryJul 06, 2023 - 5:15 p.m.

CVE-2023-37454

2023-07-0617:15:14

CWE-416

mitre

web.nvd.nist.gov

cve-2023-37454

linux kernel

use-after-free

udf filesystem

security vulnerability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.2

Confidence

High

EPSS

Percentile

9.8%

JSON

An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this.

Affected configurations

Nvd

Node

linuxlinux_kernelRange≤6.4.2

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

bugzilla.suse.com/show_bug.cgi?id=CVE-2023-37454

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f861765464f43a71462d52026fbddfc858239a5

lore.kernel.org/all/00000000000056e02f05dfb6e11a%40google.com/T/

syzkaller.appspot.com/bug?extid=26873a72980f8fa8bc55

syzkaller.appspot.com/bug?extid=60864ed35b1073540d57

syzkaller.appspot.com/bug?extid=61564e5023b7229ec85d

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.2

Confidence

High

EPSS

Percentile

9.8%

JSON

Related for CVE-2023-37454