CVE-2023-1252

CVSS v3.1 7.8 (High)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 5

A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 ("ovl: fix use after free in struct ovl_aio_req") not applied yet, the kernel could be affected.

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2023-03-23 21:15:19
(18 months ago)
Updated Date: 2023-11-07 04:02:54
(10 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 5.6 version and prior 5.10.80 version	cpe:2.3:o:linux:linux_kernel	>= 5.6	< 5.10.80
Linux Kernel from 5.11 version and prior 5.14.19 version	cpe:2.3:o:linux:linux_kernel	>= 5.11	< 5.14.19
Linux Kernel from 5.15 version and prior 5.15.3 version	cpe:2.3:o:linux:linux_kernel	>= 5.15	< 5.15.3