A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.
CVE-2023-3269 - High Severity Vulnerability
Vulnerable Libraries - linuxlinux-4.19.72, linuxlinux-4.19.72
Vulnerability Details
A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.
Publish Date: 2023-07-11
URL: CVE-2023-3269
CVSS 3 Score Details (7.8)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: High - Privileges Required: Low - User Interaction: None - Scope: Changed - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2023-3269
Release Date: 2023-07-11
Fix Resolution: v6.1.37,v6.3.11,v6.5-rc1
Step up your Open Source Security Game with Mend here