Vulnerability CVE-2023-4622: Information
Description
A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
kernel-image-mp | sisyphus | 6.4.16-alt1 | 6.8.12-alt1 | ALT-PU-2023-5590-1 | 329451 | Fixed |
kernel-image-mp | p11 | 6.4.16-alt1 | 6.8.8-alt1 | ALT-PU-2023-5590-1 | 329451 | Fixed |
kernel-image-pine | sisyphus | 6.4.16-alt1 | 6.6.32-alt1 | ALT-PU-2023-5818-1 | 330066 | Fixed |
kernel-image-pine | p11 | 6.4.16-alt1 | 6.6.31-alt1 | ALT-PU-2023-5818-1 | 330066 | Fixed |
kernel-image-rpi-un | sisyphus | 6.1.77-alt1 | 6.6.23-alt1 | ALT-PU-2024-4263-5 | 343076 | Fixed |
kernel-image-rpi-un | p10 | 6.1.77-alt1 | 6.1.77-alt1 | ALT-PU-2024-4843-2 | 344147 | Fixed |
kernel-image-rpi-un | p11 | 6.1.77-alt1 | 6.6.23-alt1 | ALT-PU-2024-4263-5 | 343076 | Fixed |
kernel-image-un-def | sisyphus | 6.4.16-alt1 | 6.6.32-alt1 | ALT-PU-2023-5606-1 | 329464 | Fixed |
kernel-image-un-def | sisyphus_riscv64 | 6.4.16-alt1.0.port | 6.6.31-alt1.0.port | ALT-PU-2023-5831-1 | - | Fixed |
kernel-image-un-def | p11 | 6.4.16-alt1 | 6.6.31-alt1 | ALT-PU-2023-5606-1 | 329464 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.1.y&id=790c2f9d15b594350ae9bca7b236f2b1859de02c |
|
https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c |
|
https://www.debian.org/security/2023/dsa-5492 |
|
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html |
|
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html | |
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html |