PT-2023-2581 · Linux+4 · Linux Kernel+4

Eloi Sanfelix +1 · Published 2022-08-25 · Updated 2025-09-29 · CVE-2023-2008

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux Kernel versions prior to 5.19-rc4

Description

A flaw was found in the Linux kernel's udmabuf device driver, specifically within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. The vulnerability can be exploited by a user in the kvm group.

Recommendations

For Linux Kernel versions prior to 5.19-rc4, update to version 5.19-rc4 or later to resolve the issue. As a temporary workaround, consider restricting access to the /dev/udmabuf device to minimize the risk of exploitation. Avoid using the udmabuf device driver until the issue is resolved.
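
A host triage sketch for the two recommendations above, added here as an example and not taken from the advisory or any vendor: it compares the running kernel's upstream base version with 5.19-rc4 and reports which permission class can open the device node. The function names and the UDMABUF_NODE override are invented for this example; the version check is only a hint, because distribution kernels ship backported fixes under older version numbers.

```shell
#!/bin/sh
# Added example (not vendor code): triage a host for the udmabuf advisory above.

# predates_fix RELEASE: exit 0 when the upstream base version in RELEASE
# (uname -r style) is older than 5.19-rc4. Only a hint: distribution kernels
# carry backported fixes under older version numbers.
predates_fix() {
    rel=$1
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -lt 5 ] && return 0
    [ "$major" -gt 5 ] && return 1
    [ "$minor" -lt 19 ] && return 0
    [ "$minor" -gt 19 ] && return 1
    case $rel in
        *-rc[1-3] | *-rc[1-3][!0-9]*) return 0 ;;
    esac
    return 1
}

# node_access PATH: print "absent", or the permission string, owning group
# and the widest class that may read or write the node (world/group/owner).
node_access() {
    node=$1
    [ -e "$node" ] || { echo "absent"; return 0; }
    line=$(ls -ld -- "$node")
    perms=$(printf '%s\n' "$line" | cut -c1-10)
    grp=$(printf '%s\n' "$line" | awk '{print $4}')
    access=owner
    case $(printf '%s\n' "$perms" | cut -c5-6) in *[rw]*) access=group ;; esac
    case $(printf '%s\n' "$perms" | cut -c8-9) in *[rw]*) access=world ;; esac
    echo "$perms group=$grp access=$access"
}

# Report for the local host; UDMABUF_NODE is an override invented for this example.
node=${UDMABUF_NODE:-/dev/udmabuf}
echo "$node: $(node_access "$node")"
if predates_fix "$(uname -r)"; then
    echo "kernel $(uname -r) predates 5.19-rc4 upstream; check vendor advisories"
fi
```

When the report shows access=group, the members of the printed group are the accounts that can reach the driver; the description above names the kvm group.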

Exploit

Fix

Improper Validation of Array Index

RCE

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2024_2394
ALSA-2025_16880
ALT-PU-2022-2497
ALT-PU-2022-2523
ALT-PU-2022-2915
ALT-PU-2022-2919
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
AZL-26280
BDU:2023-02397
CVE-2023-2008
OESA-2023-1274
RHSA-2022:7933
RHSA-2022:8267
RHSA-2022_7933
RHSA-2022_8267
RHSA-2023:3465
RHSA-2023:3470
RHSA-2023:3490
SUSE-SU-2023:2140-1
SUSE-SU-2023:2141-1
SUSE-SU-2023:2146-1
SUSE-SU-2023:2147-1
SUSE-SU-2023:2148-1
SUSE-SU-2023:2231-1
SUSE-SU-2023_2146-1
SUSE-SU-2023_2147-1
SUSE-SU-2023_2148-1
ZDI-23-441

Affected Products

Alt Linux
Astra Linux
Linux Kernel
Red Hat
Suse