CVE-2023-4394
6.0
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Exploitability: 0.8 / Impact: 5.2
Source: NVD
Description
A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information
Affected (3)
Products: Linux: Linux Kernel
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.0 |
Related CWEs
CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CWE-416
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
References (6)
Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
Mailing ListPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchVendor Advisory
Timeline
No history available yet.