PT-2023-8123 · Linux +5 · Linux Kernel +5

Hyunwoo Kim +1 · Published 2023-12-14 · Updated 2024-11-21 · CVE-2023-51781

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.8

Description

A use-after-free condition in the Linux kernel is caused by a race condition in the atalk_recvmsg function. The issue affects the atalk_ioctl function in net/appletalk/ddp.c, which is part of the AppleTalk protocol implementation. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations

For versions prior to 6.6.8, update to version 6.6.8 or later to resolve the issue. As a temporary workaround, consider disabling the atalk_ioctl() function until a patch is available. Restrict access to the net/appletalk/ddp.c module to minimize the risk of exploitation. Avoid using the atalk_recvmsg function in the affected API endpoint until the issue is resolved.
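
A host triage check for the recommendations above, as an added example that is not part of the original advisory: it compares a kernel release string against the 6.6.8 threshold stated here and reports whether the AppleTalk module is loaded. The function names are hypothetical, and the module name `appletalk` and the modprobe.d override are assumptions about a typical distribution; distribution kernels that backport the fix keep an older version number, so the vendor's own advisory overrides the version result.

```shell
#!/bin/sh
# Added example: triage a host against the "prior to 6.6.8" threshold.
FIXED_VERSION="6.6.8"   # fixed version as stated in the advisory text

# version_lt A B: succeeds when the numeric x.y.z prefix of A is lower than B's.
# Suffixes such as "-91-generic" are dropped before comparing.
version_lt() {
    a=${1%%[!0-9.]*}; b=${2%%[!0-9.]*}
    old_ifs=$IFS; IFS=.
    set -- $a; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $b; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    IFS=$old_ifs
    if [ "$a1" -ne "$b1" ]; then [ "$a1" -lt "$b1" ]; return; fi
    if [ "$a2" -ne "$b2" ]; then [ "$a2" -lt "$b2" ]; return; fi
    [ "$a3" -lt "$b3" ]
}

# kernel_is_affected RELEASE: succeeds when RELEASE is older than the fix.
kernel_is_affected() { version_lt "$1" "$FIXED_VERSION"; }

# appletalk_loaded [FILE]: succeeds when the module list names appletalk.
# FILE defaults to /proc/modules; pass another path to test offline.
# A kernel with AppleTalk built in (not a module) is not detected here.
appletalk_loaded() {
    grep -q '^appletalk ' "${1:-/proc/modules}" 2>/dev/null
}

# report RELEASE [MODULES_FILE]: print a triage result for the host.
report() {
    rel=$1; mods=${2:-/proc/modules}
    if ! kernel_is_affected "$rel"; then
        echo "ok: $rel is at or above $FIXED_VERSION"
    elif appletalk_loaded "$mods"; then
        echo "exposed: $rel is below $FIXED_VERSION and appletalk is loaded"
    else
        # The module can still be autoloaded on demand, so block it explicitly.
        echo "at-risk: $rel is below $FIXED_VERSION; appletalk not loaded"
        echo "  block loading: echo 'install appletalk /bin/false' > /etc/modprobe.d/appletalk.conf"
    fi
}

report "$(uname -r)"
```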

Fix

Race Condition

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-33346
BDU:2024-00102
CVE-2023-51781
DLA-3710-1
DLA-3711-1
DSA-5593-1
DSA-5594-1
LSN-0102-1
LSN-0103-1
LSN-0104-1
OESA-2024-1083
OESA-2024-1084
OESA-2024-1085
OESA-2024-1086
OESA-2024-1087
OESA-2024-1088
USN-6639-1
USN-6648-1
USN-6648-2
USN-6651-1
USN-6651-2
USN-6651-3
USN-6652-1
USN-6653-1
USN-6653-2
USN-6653-3
USN-6653-4
USN-6700-1
USN-6700-2
USN-6701-1
USN-6701-2
USN-6701-3
USN-6701-4

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Ubuntu