PT-2023-9833 · Linux+7 · Linux Kernel+7
Yuehaibing
·
Publicado
2023-07-17
·
Atualizado
2025-09-29
·
CVE-2023-52922
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.4.6
Description
The issue is related to a use-after-free vulnerability in the Linux kernel's CAN BCM, specifically in the
bcm proc show() function. This vulnerability can be exploited to impact the confidentiality, integrity, and availability of protected information. The bcm op is freed before the procfs entry is removed in bcm release(), leading to bcm proc show() potentially reading the freed bcm op.Recommendations
To resolve the issue, upgrade the Linux kernel to a version later than 6.4.6.
As a temporary workaround, consider restricting access to the vulnerable
bcm proc show() function until a patch is available.Exploit
Correção
Use After Free
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse