Use-After-Free Vulnerability in Ubuntu's AccountsService
CVE-2023-3297

8.1HIGH

Key Information:

Vendor

Canonical Ltd.

Status
Accountservice
Vendor
CVE Published:
1 September 2023

What is CVE-2023-3297?

A use-after-free vulnerability exists in the accountsservice of Ubuntu that can be exploited by an unprivileged local attacker. By sending specially crafted D-Bus messages to the accounts-daemon process, an attacker can manipulate memory operations, potentially leading to unexpected behavior or crashes. Users and administrators are advised to apply any available patches to mitigate the risk associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AccountService Linux 23.13.9-2ubuntu2

References

https://ubuntu.com/security/notices/USN-6190-1
vendor-advisory
https://securitylab.github.com/advisories/GHSL-2023-139_a...
third-party-advisorytechnical-description
https://bugs.launchpad.net/ubuntu/+source/accountsservice...
issue-tracking

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kevin Backhouse
JSON
.