PT-2023-8123 · Linux+5 · Linux Kernel+5

Hyunwoo Kim +1 · Published 2023-12-14 · Updated 2024-11-21 · CVE-2023-51781

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.8

Description

An issue in the Linux kernel is a use-after-free caused by a race condition in the atalk_recvmsg function. The issue affects the atalk_ioctl function in net/appletalk/ddp.c, which is part of the AppleTalk protocol implementation. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations

For versions prior to 6.6.8, update to version 6.6.8 or later to resolve the issue. As a temporary workaround, consider disabling the atalk_ioctl() function until a patch is available. Restrict access to the net/appletalk/ddp.c module to minimize the risk of exploitation. Avoid using the atalk_recvmsg function in the affected API endpoint until the issue is resolved.

Fix

Race Condition

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-33346
BDU:2024-00102
CVE-2023-51781
DLA-3710-1
DLA-3711-1
DSA-5593-1
DSA-5594-1
LSN-0102-1
LSN-0103-1
LSN-0104-1
OESA-2024-1083
OESA-2024-1084
OESA-2024-1085
OESA-2024-1086
OESA-2024-1087
OESA-2024-1088
USN-6639-1
USN-6648-1
USN-6648-2
USN-6651-1
USN-6651-2
USN-6651-3
USN-6652-1
USN-6653-1
USN-6653-2
USN-6653-3
USN-6653-4
USN-6700-1
USN-6700-2
USN-6701-1
USN-6701-2
USN-6701-3
USN-6701-4

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Ubuntu