VDB
CVE-2023-37454
CVE-2023-37454
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Es besteht eine Schwachstelle im Linux Kernel aufgrund einer use-after-free Schreiboperation in den Funktionen "udf_put_super" und "udf_close_lvid" in "fs/udf/super.c". Der Fehler kann auftreten, wenn ein manipuliertes UDF-Dateisystem-Image gemountet wird. Ein Angreifer kann dies für nicht spezifizierte Auswirkungen ausnutzen.
EPSS 0.01% · 0.7th percentile
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.01%
0.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Ubuntu Linux | |
| IBM | IBM QRadar SIEM | |
| Red Hat | Red Hat Enterprise Linux | |
| SUSE | SUSE Linux | |
| Open Source | Open Source Linux Kernel <=6.4.2 |
Exploit Intelligence
- https://syzkaller.appspot.com/bug?extid=26873a72980f8fa8bc55 (nist-nvd)
- https://syzkaller.appspot.com/bug?extid=60864ed35b1073540d57 (nist-nvd)
- https://syzkaller.appspot.com/bug?extid=61564e5023b7229ec85d (nist-nvd)
- https://lore.kernel.org/all/00000000000056e02f05dfb6e11a%40google.com/T/ (circl)
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-37454 (circl)
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f861765464f43a71462d52026fbddfc858239a5 (circl)
Timeline
- Jul 6, 2023 CVE Published
- Jul 7, 2023 EPSS Score
- Aug 11, 2023 EPSS Score
- Sep 15, 2023 EPSS Score
- Oct 19, 2023 EPSS Score
- Nov 23, 2023 EPSS Score
- Dec 28, 2023 EPSS Score
- Feb 1, 2024 EPSS Score
- Mar 6, 2024 EPSS Score
- Apr 10, 2024 EPSS Score
- May 15, 2024 EPSS Score
- Jun 19, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1680.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1680 advisory
- https://ubuntu.com/security/notices/USN-6549-4 advisory
- https://ubuntu.com/security/notices/USN-6548-1 advisory
- https://ubuntu.com/security/notices/USN-6549-1 advisory
- https://ubuntu.com/security/notices/USN-6534-2 advisory
- https://ubuntu.com/security/notices/USN-6549-2 advisory
- https://ubuntu.com/security/notices/USN-6548-4 advisory
- https://ubuntu.com/security/notices/USN-6548-2 advisory
- https://ubuntu.com/security/notices/USN-6635-1 advisory
- https://ubuntu.com/security/notices/USN-6549-5 advisory
- https://ubuntu.com/security/notices/USN-6548-5 advisory
- https://ubuntu.com/security/notices/USN-6548-3 advisory
- https://ubuntu.com/security/notices/USN-6534-3 advisory
- https://ubuntu.com/security/notices/USN-6549-3 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-37453 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-37454 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-September/016152.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-September/016151.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-September/016181.html advisory
…and 19 more