PT-2023-3565 · Linux+2 · Linux Kernel+2

Syzbot

Published

2023-07-06

Updated

2026-03-14

CVE-2023-37454

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 6.4.2

Description An issue in the Linux kernel causes a use-after-free write operation in the udf put super and udf close lvid functions in fs/udf/super.c when a crafted UDF filesystem image is used. This is related to the reuse of previously freed memory. Exploitation of this issue may allow an attacker to impact the availability of protected information.

Recommendations For Linux kernel versions through 6.4.2, as a temporary workaround, consider disabling the udf close lvid() function until a patch is available. Restrict access to the vulnerable module fs/udf/super.c to minimize the risk of exploitation. Avoid using crafted UDF filesystem images until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2023-4401

ALT-PU-2023-4482

ALT-PU-2023-4663

ALT-PU-2024-14046

ALT-PU-2024-6818

AZL-27387

BDU:2023-03786

CVE-2023-37454

ECHO-6603-5761-487E

Affected Products

Alt Linux

Debian

Linux Kernel

PT-2023-3565 · Linux+2 · Linux Kernel+2

CVE-2023-37454

Weakness Enumeration

Related Identifiers

Affected Products

References · 23