Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-45863

Опубликовано: 11 янв. 2023
Источник: redhat
CVSS3: 6.4
EPSS Низкий

Описание

An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.

An out-of-bounds memory write flaw was found in the load/unload module in the Linux kernel's kobject functionality, potentially triggering a race condition in the kobject_get_path function. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 9kernel-rtAffected
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2024:295022.05.2024
Red Hat Enterprise Linux 8kernelFixedRHSA-2024:313822.05.2024
Red Hat Enterprise Linux 9kernelFixedRHSA-2024:239430.04.2024
Red Hat Enterprise Linux 9kernelFixedRHSA-2024:239430.04.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2244720kernel: lib/kobject.c vulnerable to fill_kobj_path out-of-bounds write

EPSS

Процентиль: 1%
0.00009
Низкий

6.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-45863

CVSS3: 6.4
ubuntu
больше 1 года назад

An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.

nvd логотип

CVE-2023-45863

CVSS3: 6.4
nvd
больше 1 года назад

An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.

debian логотип

CVE-2023-45863

CVSS3: 6.4
debian
больше 1 года назад

An issue was discovered in lib/kobject.c in the Linux kernel before 6. ...

github логотип

GHSA-vv7g-383w-69hc

CVSS3: 6.4
github
больше 1 года назад

An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.

fstec логотип

BDU:2023-06998

CVSS3: 6.4
fstec
больше 2 лет назад

Уязвимость функции fill_kobj_path() ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации.

EPSS

Процентиль: 1%
0.00009
Низкий

6.4 Medium

CVSS3