PT-2023-1009 · Linux+10 · Linux Kernel+10

Bing-Jhong Billy Jheng

·

Published

2023-05-23

·

Updated

2025-02-13

·

CVE-2023-4622

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A use-after-free vulnerability in the Linux kernel's af unix component can be exploited to achieve local privilege escalation. The unix stream sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue, resulting in a race where unix stream sendpage() could access an skb locklessly that is being released by garbage collection, leading to use-after-free.
Recommendations Upgrade past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable unix stream sendpage() function until a patch is available.

Exploit

Fix

DoS

LPE

Use After Free

Race Condition

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-362CWE-476

Related Identifiers

ALSA-2024:0113
ALT-PU-2023-5590
ALT-PU-2023-5606
ALT-PU-2023-5818
ALT-PU-2024-1164
ALT-PU-2024-4263
ALT-PU-2024-4843
ASB-A-299123598
AZL-28679
AZL-31642
BDU:2023-05389
CESA-2024_0089
CESA-2024_0113
CESA-2024_0134
CVE-2023-4622
DLA-3623-1
DLA-3710-1
DSA-5492-1
LSN-0099-1
OESA-2023-1634
OESA-2023-1635
OESA-2023-1636
OESA-2023-1637
OESA-2023-1638
OPENSUSE-SU-2023_4035-1
OPENSUSE-SU-2023_4057-1
OPENSUSE-SU-2023_4058-1
OPENSUSE-SU-2023_4071-1
OPENSUSE-SU-2023_4072-1
OPENSUSE-SU-2023_4072-2
OPENSUSE-SU-2023_4347-1
OPENSUSE-SU-2023_4775-1
OPENSUSE-SU-2023_4836-1
OPENSUSE-SU-2023_4848-1
OPENSUSE-SU-2023_4871-1
OPENSUSE-SU-2023_4872-1
RHSA-2024:0089
RHSA-2024:0113
RHSA-2024:0134
RHSA-2024:0340
RHSA-2024:0376
RHSA-2024:0378
RHSA-2024:0381
RHSA-2024:0402
RHSA-2024:0403
RHSA-2024:0412
RHSA-2024:0439
RHSA-2024:0448
RHSA-2024:0461
RHSA-2024:0554
RHSA-2024:0562
RHSA-2024:0563
RHSA-2024:0575
RHSA-2024:0593
RHSA-2024:1250
RHSA-2024:1253
RHSA-2024:1306
RHSA-2024:1960
RHSA-2024:2003
RHSA-2024:2004
RHSA-2024:5261
RHSA-2024_0113
RHSA-2024_0134
RHSA-2024_0461
RHSA-2024_2003
RHSA-2024_2004
RLSA-2024:0134
SUSE-SU-2023:4030-1
SUSE-SU-2023:4031-1
SUSE-SU-2023:4032-1
SUSE-SU-2023:4033-1
SUSE-SU-2023:4035-1
SUSE-SU-2023:4057-1
SUSE-SU-2023:4058-1
SUSE-SU-2023:4071-1
SUSE-SU-2023:4072-1
SUSE-SU-2023:4072-2
SUSE-SU-2023:4093-1
SUSE-SU-2023:4095-1
SUSE-SU-2023:4142-1
SUSE-SU-2023:4347-1
SUSE-SU-2023:4766-1
SUSE-SU-2023:4775-1
SUSE-SU-2023:4795-1
SUSE-SU-2023:4796-1
SUSE-SU-2023:4799-1
SUSE-SU-2023:4801-1
SUSE-SU-2023:4802-1
SUSE-SU-2023:4805-1
SUSE-SU-2023:4817-1
SUSE-SU-2023:4820-1
SUSE-SU-2023:4822-1
SUSE-SU-2023:4831-1
SUSE-SU-2023:4833-1
SUSE-SU-2023:4836-1
SUSE-SU-2023:4841-1
SUSE-SU-2023:4847-1
SUSE-SU-2023:4848-1
SUSE-SU-2023:4849-1
SUSE-SU-2023:4862-1
SUSE-SU-2023:4863-1
SUSE-SU-2023:4866-1
SUSE-SU-2023:4871-1
SUSE-SU-2023:4872-1
USN-6415-1
USN-6439-1
USN-6439-2
USN-6440-1
USN-6440-2
USN-6440-3
USN-6441-1
USN-6441-2
USN-6441-3
USN-6442-1
USN-6444-1
USN-6444-2
USN-6445-1
USN-6445-2
USN-6446-1
USN-6446-2
USN-6446-3
USN-6466-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu