PT-2022-6837 · Linux+3 · Linux Kernel+3

Dhananjay Arunesh · Published 2022-04-06 · Updated 2024-10-02 · CVE-2023-4389

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux Kernel (affected versions not specified)

Description

A flaw was found in the btrfs_get_root_ref function in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. The problem is related to the reuse of previously freed memory, which can cause a denial of service or allow access to protected information.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Double Free

Weakness Enumeration

Related Identifiers

AZL-27959
BDU:2023-04899
CVE-2023-4389
OESA-2023-1585
OPENSUSE-SU-2023_4035-1
OPENSUSE-SU-2023_4057-1
OPENSUSE-SU-2023_4058-1
OPENSUSE-SU-2023_4071-1
OPENSUSE-SU-2023_4072-1
OPENSUSE-SU-2023_4072-2
SUSE-SU-2023:4030-1
SUSE-SU-2023:4035-1
SUSE-SU-2023:4057-1
SUSE-SU-2023:4058-1
SUSE-SU-2023:4071-1
SUSE-SU-2023:4072-1
SUSE-SU-2023:4072-2
SUSE-SU-2023:4093-1
SUSE-SU-2023:4095-1
SUSE-SU-2023:4142-1

Affected Products

Astra Linux
Linux Kernel
RED OS
SUSE