PT-2023-3565 · Linux+2 · Linux Kernel+2

Syzbot

Publicado

2023-07-06

Atualizado

2026-03-14

CVE-2023-37454

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 6.4.2

Description An issue in the Linux kernel causes a use-after-free write operation in the udf put super and udf close lvid functions in fs/udf/super.c when a crafted UDF filesystem image is used. This is related to the reuse of previously freed memory. Exploitation of this issue may allow an attacker to impact the availability of protected information.

Recommendations For Linux kernel versions through 6.4.2, as a temporary workaround, consider disabling the udf close lvid() function until a patch is available. Restrict access to the vulnerable module fs/udf/super.c to minimize the risk of exploitation. Avoid using crafted UDF filesystem images until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2023-4401

ALT-PU-2023-4482

ALT-PU-2023-4663

ALT-PU-2024-14046

ALT-PU-2024-6818

AZL-27387

BDU:2023-03786

CVE-2023-37454

ECHO-6603-5761-487E

Produtos afetados

Alt Linux

Debian

Linux Kernel

PT-2023-3565 · Linux+2 · Linux Kernel+2

CVE-2023-37454

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 23