Kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race
CVE-2023-3567

7.1HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.6 Extended Update Support
Red Hat Enterprise Linux 8.8 Extended Update Support
Red Hat Enterprise Linux 9
Vendor
CVE Published:
24 July 2023

What is CVE-2023-3567?

A use-after-free vulnerability exists in the vcs_read function within the vc_screen component of the Linux Kernel. This flaw enables an attacker with local user privileges to manipulate memory, potentially causing a system crash or disclosing sensitive kernel data. Addressing this vulnerability is crucial for maintaining system stability and protecting sensitive information.

Affected Version(s)

Red Hat Enterprise Linux 8 0:4.18.0-553.rt7.342.el8_10

Red Hat Enterprise Linux 8 0:4.18.0-553.el8_10

Red Hat Enterprise Linux 8.6 Extended Update Support 0:4.18.0-372.87.1.el8_6

References

https://access.redhat.com/errata/RHSA-2024:0412
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0431
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0432
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.