CVE-2023-4394

2023-08-1700:00:00

ubuntu.com

btrfs file-system

use-after-free

local attacker

system crash

kernel information

linux kernel

cve-2023-4394

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

A use-after-free flaw was found in btrfs_get_dev_args_from_path in
fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw
allows a local attacker with special privileges to cause a system crash or
leak internal kernel information

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchlinux< 5.15.0-53.59UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1023.27UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1023.27~20.04.1UNKNOWN
ubuntu22.04noarchlinux-azure< 5.15.0-1023.29UNKNOWN
ubuntu20.04noarchlinux-azure-5.15< 5.15.0-1023.29~20.04.1UNKNOWN
ubuntu22.04noarchlinux-azure-fde< 5.15.0-1023.29UNKNOWN
ubuntu20.04noarchlinux-azure-fde-5.15< 5.15.0-1023.29~20.04.1UNKNOWN
ubuntu22.04noarchlinux-gcp< 5.15.0-1022.29UNKNOWN
ubuntu20.04noarchlinux-gcp-5.15< 5.15.0-1022.29~20.04.1UNKNOWN
ubuntu22.04noarchlinux-gke< 5.15.0-1020.25UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	linux	< 5.15.0-53.59	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1023.27	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< 5.15.0-1023.27~20.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-azure	< 5.15.0-1023.29	UNKNOWN
ubuntu	20.04	noarch	linux-azure-5.15	< 5.15.0-1023.29~20.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-azure-fde	< 5.15.0-1023.29	UNKNOWN
ubuntu	20.04	noarch	linux-azure-fde-5.15	< 5.15.0-1023.29~20.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-gcp	< 5.15.0-1022.29	UNKNOWN
ubuntu	20.04	noarch	linux-gcp-5.15	< 5.15.0-1022.29~20.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-gke	< 5.15.0-1020.25	UNKNOWN