Lucene search

[email protected]NVD:CVE-2023-37454

HistoryJul 06, 2023 - 5:15 p.m.

CVE-2023-37454

2023-07-0617:15:14

CWE-416

[email protected]

web.nvd.nist.gov

linux

kernel

filesystem

udf

use-after-free

suse

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.3

Confidence

High

EPSS

Percentile

9.8%

JSON

An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this.

Affected configurations

Nvd

Node

linuxlinux_kernelRange≤6.4.2

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

bugzilla.suse.com/show_bug.cgi?id=CVE-2023-37454

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f861765464f43a71462d52026fbddfc858239a5

lore.kernel.org/all/00000000000056e02f05dfb6e11a%40google.com/T/

syzkaller.appspot.com/bug?extid=26873a72980f8fa8bc55

syzkaller.appspot.com/bug?extid=60864ed35b1073540d57

syzkaller.appspot.com/bug?extid=61564e5023b7229ec85d

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.3

Confidence

High

EPSS

Percentile

9.8%

JSON

Related for NVD:CVE-2023-37454

prion1 debiancve1 cvelist1 ubuntucve1 cve1 redhatcve1 nessus4