CVE-2023-3269 (StackRot)

CVSS v3.1 7.8 (High)

EPSS 0.04 % (5^th)

Affected Products 3

Advisories 5

A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.

Weaknesses

CWE-416: Use After Free

Alias

StackRot

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2023-07-11 12:15:10
(14 months ago)
Updated Date: 2023-11-07 04:18:22
(10 months ago)

Affected Products

Configuration #1

	CPE23	From	Up To
Linux Kernel from 6.1 version and prior 6.1.37 version	cpe:2.3:o:linux:linux_kernel	>= 6.1	< 6.1.37
Linux Kernel from 6.2 version and prior 6.3.11 version	cpe:2.3:o:linux:linux_kernel	>= 6.2	< 6.3.11
Linux Kernel 6.4	cpe:2.3:o:linux:linux_kernel:6.4:-
Linux Kernel 6.4 Rc1	cpe:2.3:o:linux:linux_kernel:6.4:rc1
Linux Kernel 6.4 Rc2	cpe:2.3:o:linux:linux_kernel:6.4:rc2
Linux Kernel 6.4 Rc3	cpe:2.3:o:linux:linux_kernel:6.4:rc3
Linux Kernel 6.4 Rc4	cpe:2.3:o:linux:linux_kernel:6.4:rc4
Linux Kernel 6.4 Rc5	cpe:2.3:o:linux:linux_kernel:6.4:rc5
Linux Kernel 6.4 Rc6	cpe:2.3:o:linux:linux_kernel:6.4:rc6
Linux Kernel 6.4 Rc7	cpe:2.3:o:linux:linux_kernel:6.4:rc7

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 37	cpe:2.3:o:fedoraproject:fedora:37
	Fedoraproject Fedora 38	cpe:2.3:o:fedoraproject:fedora:38
	Redhat Enterprise Linux 6.0	cpe:2.3:o:redhat:enterprise_linux:6.0
	Redhat Enterprise Linux 7.0	cpe:2.3:o:redhat:enterprise_linux:7.0
	Redhat Enterprise Linux 8.0	cpe:2.3:o:redhat:enterprise_linux:8.0
	Redhat Enterprise Linux 9.0	cpe:2.3:o:redhat:enterprise_linux:9.0

Weaknesses

Alias

Affected Products

Fedoraproject

Linux

Redhat

Configuration #1

Configuration #2