A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation.
The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.
We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html | |
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.1.y&id=790c2f9d15b594350ae9bca7b236f2b1859de02c | Issue Tracking Mailing List Patch Vendor Advisory |
https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c | Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html | |
https://www.debian.org/security/2023/dsa-5492 | Third Party Advisory |
Configurations
History
11 Jan 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Nov 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Oct 2023, 02:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
References | (MISC) https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html - Mailing List, Third Party Advisory |
20 Oct 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Sep 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.0 |
First Time |
Linux
Debian Debian debian Linux Linux linux Kernel |
|
References | (MISC) https://www.debian.org/security/2023/dsa-5492 - Third Party Advisory | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.1.y&id=790c2f9d15b594350ae9bca7b236f2b1859de02c - Issue Tracking, Mailing List, Patch, Vendor Advisory | |
References | (MISC) https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c - Patch, Vendor Advisory | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* |
|
CWE | CWE-416 |
10 Sep 2023, 12:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Sep 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-06 14:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-4622
Mitre link : CVE-2023-4622
CVE.ORG link : CVE-2023-4622
JSON object : View
Products Affected
linux
- linux_kernel
debian
- debian_linux
CWE
CWE-416
Use After Free