CVE-2023-4610

Published: 04 Sep 2023
Source: redhat
CVSS3: 0

Description

A use-after-free flaw was found in radix_tree_lookup in ./lib/radix-tree.c in the Radix tree node cache in the Linux Kernel. This issue could allow a local attacker to crash the system and could lead to a kernel information leak problem.

Report

The SRCU code was added in upstream kernel v6.4-rc1 and removed before v6.4. This bug only existed in development kernels. Please see https://lore.kernel.org/all/ZTKVfoQZplpB8rki@casper.infradead.org and https://bugzilla.suse.com/show_bug.cgi?id=1215932 for more information.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | | |

Additional information

Defect: CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=2229691
kernel: KASAN: slab-use-after-free Read in radix_tree_lookup while fuzzing Linux kernel 6.4-rc6 with syzkaller.

CVSS3: 0 Low

Related vulnerabilities

ubuntu
more than 2 years ago

Rejected reason: The SRCU code was added in upstream kernel v6.4-rc1 and removed before v6.4. This bug only existed in development kernels. Please see https://lore.kernel.org/all/ZTKVfoQZplpB8rki@casper.infradead.org and https://bugzilla.suse.com/show_bug.cgi?id=1215932 for more information.

nvd
more than 2 years ago

Rejected reason: The SRCU code was added in upstream kernel v6.4-rc1 and removed before v6.4. This bug only existed in development kernels. Please see https://lore.kernel.org/all/ZTKVfoQZplpB8rki@casper.infradead.org and https://bugzilla.suse.com/show_bug.cgi?id=1215932 for more information.

CVSS3: 7
fstec
more than 2 years ago

A vulnerability in the radix_tree_lookup() function of the lib/radix-tree.c module of the Linux operating system kernel that allows an attacker to affect the confidentiality, integrity and availability of protected information
