CVE-2023-4389

Published: Aug 16, 2023Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information.

Affected (3)

Products: Linux: Linux Kernel

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 5.11 to 5.15.35
Linux Linux Kernel	From 5.16 to 5.17.4
Linux Linux Kernel	From 5.7 to 5.10.112

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (6)

https://access.redhat.com/security/cve/CVE-2023-4389

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2219271

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://patchwork.kernel.org/project/linux-btrfs/patch/20220324134454.15192-1-baijiaju1990@gmail.com/

Source: secalert@redhat.com

PatchVendor Advisory

https://access.redhat.com/security/cve/CVE-2023-4389

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2219271

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://patchwork.kernel.org/project/linux-btrfs/patch/20220324134454.15192-1-baijiaju1990@gmail.com/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.