Race Condition in shiftfs File System Could Lead to Denial of Service
CVE-2023-2612

4.4MEDIUM

Key Information:

Vendor
Canonical Ltd.
Status
Ubuntu-linux
Vendor
CVE Published:
31 May 2023

Badges

👾 Exploit Exists📰 News Worthy

Summary

Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock).

Affected Version(s)

ubuntu-linux Linux 0 < 02b47547824b1cd0d55c6744f91886f04de8947e

News Articles

favicon imageRandoriSec

[CONFERENCE] GreHack 2023

This year again we were a sponsor of the GreHack conference. Several consultants from RandoriSec attended the conference. As usual, you can find a quick review of our favorite talks. Virtualization from an...

References

https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/l...
patch
https://ubuntu.com/security/CVE-2023-2612
vendor-advisory
https://ubuntu.com/security/notices/USN-6122-1
vendor-advisory

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by RandoriSec

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jean-Baptiste Cayrou
.