PT-2023-2760 · Linux+5 · Linux Kernel+5

Syzbot

·

Publicado

2023-01-30

·

Atualizado

2024-04-15

·

CVE-2023-32269

CVSS v3.1

6.7

Média

VetorAV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.11
Description The issue is related to the implementation of the NET/ROM network protocol in the Linux kernel. It involves a use-after-free error in the af netrom.c module, specifically in the nr release() function, due to the reuse of a network descriptor (socket) for an already established connection. For an attacker to exploit this, the system must have netrom routing configured or the attacker must possess the CAP NET ADMIN capability. This could potentially impact the confidentiality, integrity, and availability of data.
Recommendations For Linux kernel versions prior to 6.1.11, update to version 6.1.11 or later to resolve the issue. As a temporary workaround, consider disabling netrom routing or restricting the CAP NET ADMIN capability to minimize the risk of exploitation.

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2023-1220
ALT-PU-2023-1267
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
ALT-PU-2024-4263
ALT-PU-2024-4843
AZL-26623
BDU:2023-02624
CVE-2023-32269
OESA-2023-1284
SUSE-SU-2023:2501-1
SUSE-SU-2023:2502-1
SUSE-SU-2023:2506-1
SUSE-SU-2023:2507-1
SUSE-SU-2023:2534-1
SUSE-SU-2023:2537-1
SUSE-SU-2023:2538-1
SUSE-SU-2023:2611-1
SUSE-SU-2023:2651-1
SUSE-SU-2023:2805-1
USN-6079-1
USN-6080-1
USN-6081-1
USN-6084-1
USN-6085-1
USN-6090-1
USN-6091-1
USN-6092-1
USN-6094-1
USN-6095-1
USN-6096-1
USN-6109-1
USN-6118-1
USN-6132-1
USN-6133-1
USN-6134-1
USN-6222-1
USN-6256-1
USN-6385-1
USN-6388-1

Produtos afetados

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu