search

Trinadh465 / device_renesas_kernel_AOSP10_r33_CVE-2021-33034

Other
0 stars 0 forks source link

CVE-2023-4622 (High) detected in linuxlinux-4.19.239 - autoclosed #494

Closed mend-bolt-for-github[bot] closed 6 months ago

mend-bolt-for-github[bot] commented 11 months ago

CVE-2023-4622 - High Severity Vulnerability

Vulnerable Library - linuxlinux-4.19.239

The Linux Kernel

Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux

Found in base branch: master

Vulnerable Source Files (2)

/net/unix/af_unix.c /net/unix/af_unix.c

Vulnerability Details

A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.

Publish Date: 2023-09-06

URL: CVE-2023-4622

CVSS 3 Score Details (7.0)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: High - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.linuxkernelcves.com/cves/CVE-2023-4622

Release Date: 2023-09-06

Fix Resolution: v6.5-rc1

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] commented 6 months ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.