Race Condition in shiftfs File System Could Lead to Denial of Service
CVE-2023-2612
4.4MEDIUM
Key Information:
- Vendor
- Canonical Ltd.
- Status
- Vendor
- CVE Published:
- 31 May 2023
Badges
👾 Exploit Exists📰 News Worthy
Summary
Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock).
Affected Version(s)
ubuntu-linux Linux 0 < 02b47547824b1cd0d55c6744f91886f04de8947e
News Articles
[CONFERENCE] GreHack 2023
This year again we were a sponsor of the GreHack conference. Several consultants from RandoriSec attended the conference. As usual, you can find a quick review of our favorite talks. Virtualization from an...
References
CVSS V3.1
Score:
4.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
- 👾
Exploit known to exist
- 📰
First article discovered by RandoriSec
Vulnerability published
Vulnerability Reserved
Credit
Jean-Baptiste Cayrou