PT-2022-6588 · Linux+7 · Linux Kernel+7

Hulk Robot

·

Published

2022-06-14

·

Updated

2024-02-27

·

CVE-2023-2513

CVSS v2.0

6.8

Medium

VectorAV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. The vulnerability is related to the incorrect calculation of available space for storing attributes in the ext4 xattr set entry() function. Exploitation of the vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of data.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2023:7077
ALT-PU-2022-2497
ALT-PU-2022-2523
ALT-PU-2022-2915
ALT-PU-2022-2919
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
AZL-26689
BDU:2023-02628
CESA-2023_6901
CESA-2023_7077
CVE-2023-2513
OESA-2023-1284
OPENSUSE-SU-2023_2646-1
OPENSUSE-SU-2023_2871-1
RHSA-2023:2148
RHSA-2023:2458
RHSA-2023:6901
RHSA-2023:7077
RHSA-2023_2148
RHSA-2023_2458
RHSA-2023_6901
RHSA-2023_7077
RHSA-2024:0412
RHSA-2025:15649
RHSA-2025:15658
RHSA-2025:15670
SUSE-SU-2023:2500-1
SUSE-SU-2023:2501-1
SUSE-SU-2023:2502-1
SUSE-SU-2023:2507-1
SUSE-SU-2023:2534-1
SUSE-SU-2023:2537-1
SUSE-SU-2023:2538-1
SUSE-SU-2023:2611-1
SUSE-SU-2023:2646-1
SUSE-SU-2023:2651-1
SUSE-SU-2023:2653-1
SUSE-SU-2023:2782-1
SUSE-SU-2023:2805-1
SUSE-SU-2023:2809-1
SUSE-SU-2023:2871-1
USN-6254-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu