Distros-[dirtyvma] privilege escalation via non-rcu-protected vma traversal
CVE-2023-3269

7.8HIGH

Key Information:

Vendor: Red Hat
Status: Kernel; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 11 July 2023

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-3269?

A critical vulnerability has been identified in the memory management subsystem of the Linux kernel. This flaw involves improper lock handling when accessing and updating virtual memory areas (VMAs), resulting in use-after-free conditions. Exploiting this vulnerability allows attackers to execute arbitrary code within the kernel, escalate privileges in containerized environments, and potentially gain root access. Organizations utilizing affected versions of the Linux kernel are urged to apply security updates promptly to mitigate the risk.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

StackRot
Created by lrh2000

References

https://access.redhat.com/security/cve/CVE-2023-3269

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2215268

issue-trackingx_refsource_REDHAT

https://www.openwall.com/lists/oss-security/2023/07/05/1

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2023
🟡
Public PoC available
Jun 28, 2023
👾
Exploit known to exist
Jun 28, 2023
Vulnerability Reserved
Jun 15, 2023

Red Hat

Badges

What is CVE-2023-3269?

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline