Use After Free Vulnerability in Linux Kernel Affects HFS Plus File System
CVE-2023-2985

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Kernel
Vendor: CVE Published:; 1 June 2023

Badges

📰 News Worthy

Summary

A use after free flaw has been identified in the hfsplus_put_super method within the Linux Kernel's HFS Plus file system implementation. This vulnerability could enable a local attacker to manipulate memory, resulting in a denial of service scenario. The flaw is critical for users leveraging this file system, emphasizing the need for timely security updates and patches.

Affected Version(s)

Kernel Kernel version prior to l 6.3-rc1

News Articles

CVE-2023-20593 CVE-2023-2985

Security update for the Linux Kernel | SUSE Support

Announcement of Security update for the Linux Kernel. Maximize the value of open source with SUSE solution, backed by SUSE Support.

thmubnail image

CVE-2023-20593 CVE-2023-2985

Security update for the Linux Kernel | SUSE Support

Announcement of Security update for the Linux Kernel. Maximize the value of open source with SUSE solution, backed by SUSE Support.

thmubnail image

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by SUSE
Mar 28, 2024
Vulnerability published
Jun 1, 2023
Vulnerability Reserved
May 30, 2023

.