Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.3
CVSSv3

CVE-2023-3397

Published: 01/11/2023 Updated: 09/11/2023
CVSS v3 Base Score: 6.3 | Impact Score: 5.2 | Exploitability Score: 1
VMScore: 0
Subscribe to Linux

Vulnerability Summary

A race condition between two functions, lmLogClose() and txEnd(), in the Linux kernel's JFS filesystem can lead to a use-after-free vulnerability and crash. (CVE-2023-3397) An issue exists in the Linux kernel prior to 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it. (CVE-2023-46813) A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. (CVE-2023-5717)

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel -

Vendor Advisories

Amazon Linux AMI: ALAS-2023-1883
A race condition between two functions, lmLogClose() and txEnd(), in the Linux kernel's JFS filesystem can lead to a use-after-free vulnerability and crash (CVE-2023-3397) A flaw in the kernel Xen event handler can cause a deadlock with Xen console handling in unprivileged Xen guests (CVE-2023-34324) A heap out-of-bounds write vulnerability in th ...
Amazon Linux 2: ALAS-2023-2340
A race condition between two functions, lmLogClose() and txEnd(), in the Linux kernel's JFS filesystem can lead to a use-after-free vulnerability and crash (CVE-2023-3397) A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation If perf_r ...
Amazon Linux 2: ALASKERNEL-5.10-2023-043
A race condition between two functions, lmLogClose() and txEnd(), in the Linux kernel's JFS filesystem can lead to a use-after-free vulnerability and crash (CVE-2023-3397) An issue was discovered in the Linux kernel before 659, exploitable by local users with userspace access to MMIO registers Incorrect access checking in the #VC handler and in ...
Amazon Linux 2: ALASKERNEL-5.4-2023-056
A race condition between two functions, lmLogClose() and txEnd(), in the Linux kernel's JFS filesystem can lead to a use-after-free vulnerability and crash (CVE-2023-3397) A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation If perf_r ...

References

CWE-362https://www.spinics.net/lists/kernel/msg4788636.htmlhttps://access.redhat.com/security/cve/CVE-2023-3397https://bugzilla.redhat.com/show_bug.cgi?id=2217271https://nvd.nist.govhttps://alas.aws.amazon.com/ALAS-2023-1883.htmlhttps://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2023-043.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120CVE-2024-35921CVE-2024-35874brute forceCVE-2024-36080unprivilegedCVE-2024-35917IDORCVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook