PT-2023-2760 · Linux+5 · Linux Kernel+5

Syzbot

·

Published

2023-01-30

·

Updated

2024-04-15

·

CVE-2023-32269

CVSS v3.1

6.7

Medium

VectorAV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.11
Description The issue is related to the implementation of the NET/ROM network protocol in the Linux kernel. It involves a use-after-free error in the af netrom.c module, specifically in the nr release() function, due to the reuse of a network descriptor (socket) for an already established connection. For an attacker to exploit this, the system must have netrom routing configured or the attacker must possess the CAP NET ADMIN capability. This could potentially impact the confidentiality, integrity, and availability of data.
Recommendations For Linux kernel versions prior to 6.1.11, update to version 6.1.11 or later to resolve the issue. As a temporary workaround, consider disabling netrom routing or restricting the CAP NET ADMIN capability to minimize the risk of exploitation.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2023-1220
ALT-PU-2023-1267
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
ALT-PU-2024-4263
ALT-PU-2024-4843
AZL-26623
BDU:2023-02624
CVE-2023-32269
OESA-2023-1284
SUSE-SU-2023:2501-1
SUSE-SU-2023:2502-1
SUSE-SU-2023:2506-1
SUSE-SU-2023:2507-1
SUSE-SU-2023:2534-1
SUSE-SU-2023:2537-1
SUSE-SU-2023:2538-1
SUSE-SU-2023:2611-1
SUSE-SU-2023:2651-1
SUSE-SU-2023:2805-1
USN-6079-1
USN-6080-1
USN-6081-1
USN-6084-1
USN-6085-1
USN-6090-1
USN-6091-1
USN-6092-1
USN-6094-1
USN-6095-1
USN-6096-1
USN-6109-1
USN-6118-1
USN-6132-1
USN-6133-1
USN-6134-1
USN-6222-1
USN-6256-1
USN-6385-1
USN-6388-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu