PT-2023-3408 · Linux+4 · Linux Kernel+4

Ruihan Li

·

Publicado

2023-06-27

·

Atualizado

2025-06-11

·

CVE-2023-3269

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.1 through 6.4
Description A vulnerability exists in the memory management subsystem of the Linux kernel, related to incorrect lock handling for accessing and updating virtual memory areas (VMAs), leading to use-after-free problems. This issue can be exploited to execute arbitrary kernel code, escalate containers, and gain root privileges. The vulnerability is due to a locking bug in the virtual memory management subsystem that leads to a UAF-by-RCU vulnerability.
Recommendations For Linux kernel versions 6.1 through 6.4, update to version 6.4.1, 6.3.11, or 6.1.37 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable virtual memory management subsystem to minimize the risk of exploitation. Avoid using the vulnerable maple tree structure for managing virtual memory areas until the issue is resolved.

Exploit

Correção

Race Condition

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362CWE-416

Identificadores relacionados

ALT-PU-2023-5748
ALT-PU-2023-5787
ALT-PU-2024-4263
ALT-PU-2024-4843
AZL-27411
AZL-27644
BDU:2023-03584
CVE-2023-3269
DSA-5448-1
OPENSUSE-SU-2024:13042-1
OPENSUSE-SU-2024:13704-1
USN-6249-1
USN-6250-1

Produtos afetados

Alt Linux
Linuxmint
Linux Kernel
Red Os
Ubuntu