Ubuntu.comUB:CVE-2023-45898CVE-2023-45898
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
The Linux kernel before 6.5.4 has an es1 use-after-free in
fs/ext4/extents_status.c, related to ext4_es_insert_extent.
Bugs
- <https://bugzilla.redhat.com/show_bug.cgi?id=2245711>
- <https://bugzilla.suse.com/show_bug.cgi?id=1216262>
Notes
| Author | Note |
|---|---|
| rodrigo-zaiden | first publication of USN-6536-1 wrongly announced that linux-azure on mantic fixed this issue in version 6.5.0-1009.9. It was fixed with USN-6573-1. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 23.10 | noarch | linux | < 6.5.0-14.14 | UNKNOWN |
| ubuntu | 23.10 | noarch | linux-aws | < 6.5.0-1011.11 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws-6.5 | < 6.5.0-1011.11~22.04.1 | UNKNOWN |
| ubuntu | 23.10 | noarch | linux-azure | < 6.5.0-1010.10 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-azure-6.5 | < 6.5.0-1010.10~22.04.1 | UNKNOWN |
| ubuntu | 23.10 | noarch | linux-gcp | < 6.5.0-1010.10 | UNKNOWN |
| ubuntu | 24.04 | noarch | linux-gke | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | linux-ibm | < 6.6.0-1001.1 | UNKNOWN |
| ubuntu | 23.10 | noarch | linux-laptop | < 6.5.0-1007.10 | UNKNOWN |
| ubuntu | 23.10 | noarch | linux-lowlatency | < 6.5.0-14.14.1 | UNKNOWN |
References
cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.4
git.kernel.org/linus/768d612f79822d30a1e7d132a4d4b05337ce42ec
github.com/torvalds/linux/commit/768d612f79822d30a1e7d132a4d4b05337ce42ec
launchpad.net/bugs/cve/CVE-2023-45898
lkml.org/lkml/2023/8/13/477
lore.kernel.org/all/[email protected]/
lore.kernel.org/lkml/[email protected]/T/
lore.kernel.org/lkml/CALcu4raD4h9coiyEBL4Bm0zjDwxC2CyPiTwsP3zFuhot6y9Beg@mail.gmail.com/
nvd.nist.gov/vuln/detail/CVE-2023-45898
security-tracker.debian.org/tracker/CVE-2023-45898
ubuntu.com/security/notices/USN-6536-1
ubuntu.com/security/notices/USN-6537-1
ubuntu.com/security/notices/USN-6573-1
www.cve.org/CVERecord?id=CVE-2023-45898
www.spinics.net/lists/stable-commits/msg317086.html
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%