PT-2023-2687 · Linux+10 · Linux Kernel+10

Akshay Ajayan

+2

·

Published

2023-04-12

·

Updated

2024-11-21

·

CVE-2023-2124

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system, specifically in how a user restores an XFS image after failure with a dirty log journal. This issue allows a local user to crash or potentially escalate their privileges on the system. The flaw is related to insufficient metadata control when mounting XFS images, particularly in the xlog recover buf commit pass2() function within the fs/xfs/xfs buf item recover.c module.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-787

Related Identifiers

ALSA-2023:3708
ALSA-2023:3723
ALSA-2023:4517
ALSA-2023:4541
ALT-PU-2023-1878
ALT-PU-2023-1881
ALT-PU-2023-1979
ALT-PU-2023-4663
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-26781
BDU:2023-02529
CESA-2023_4517
CESA-2023_4541
CVE-2023-2124
DLA-3623-1
DSA-5448-1
DSA-5480-1
MGASA-2023-0201
MGASA-2023-0202
OESA-2023-1293
OPENSUSE-SU-2023_2646-1
OPENSUSE-SU-2023_2871-1
OPENSUSE-SU-2024:12981-1
OPENSUSE-SU-2024:13704-1
RHSA-2023:3708
RHSA-2023:3723
RHSA-2023:4137
RHSA-2023:4138
RHSA-2023:4515
RHSA-2023:4517
RHSA-2023:4541
RHSA-2023:4789
RHSA-2023:4815
RHSA-2023:4817
RHSA-2023:4961
RHSA-2023:4962
RHSA-2023_3708
RHSA-2023_3723
RHSA-2023_4517
RHSA-2023_4541
RLSA-2023:4517
RLSA-2023:4541
ROSA-SA-2023-2179
ROSA-SA-2023-2180
ROSA-SA-2023-2189
ROSA-SA-2023-2206
ROSA-SA-2023-2207
SUSE-SU-2023:2147-1
SUSE-SU-2023:2148-1
SUSE-SU-2023:2151-1
SUSE-SU-2023:2156-1
SUSE-SU-2023:2162-1
SUSE-SU-2023:2163-1
SUSE-SU-2023:2232-1
SUSE-SU-2023:2500-1
SUSE-SU-2023:2646-1
SUSE-SU-2023:2651-1
SUSE-SU-2023:2653-1
SUSE-SU-2023:2782-1
SUSE-SU-2023:2805-1
SUSE-SU-2023:2809-1
SUSE-SU-2023:2871-1
USN-6206-1
USN-6224-1
USN-6228-1
USN-6231-1
USN-6235-1
USN-6252-1
USN-6254-1
USN-6284-1
USN-6300-1
USN-6301-1
USN-6311-1
USN-6312-1
USN-6314-1
USN-6331-1
USN-6332-1
USN-6337-1
USN-6347-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu