CVE-2023-3111

CVE	CVE-2023-3111
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-06-05 21:15:00 UTC
Updated	2023-11-07 04:17:00 UTC
Description	A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().

Problem Types: CWE-416

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	6.0	rc1	All	All
Hardware	Netapp	H300s	-	All	All	All
Operating System	Netapp	H300s Firmware	-	All	All	All
Hardware	Netapp	H410c	-	All	All	All
Operating System	Netapp	H410c Firmware	-	All	All	All
Hardware	Netapp	H410s	-	All	All	All
Operating System	Netapp	H410s Firmware	-	All	All	All
Hardware	Netapp	H500s	-	All	All	All
Operating System	Netapp	H500s Firmware	-	All	All	All
Hardware	Netapp	H700s	-	All	All	All
Operating System	Netapp	H700s Firmware	-	All	All	All
Application	Netapp	Hci Baseboard Management Controller	h300s	All	All	All
Application	Netapp	Hci Baseboard Management Controller	h410c	All	All	All
Application	Netapp	Hci Baseboard Management Controller	h410s	All	All	All
Application	Netapp	Hci Baseboard Management Controller	h500s	All	All	All
Application	Netapp	Hci Baseboard Management Controller	h700s	All	All	All

Reference	Source	Link	Tags
fs: btrfs: fix a possible use-after-free bug caused by incorrect error handling in prepare_to_relocate() - Patchwork	MISC	patchwork.kernel.org
403 Forbidden	CONFIRM	security.netapp.com
[SECURITY] [DLA 3508-1] linux security update	MLIST	lists.debian.org
Debian -- Security Information -- DSA-5480-1 linux	DEBIAN	www.debian.org
fs: btrfs: fix a possible use-after-free bug caused by incorrect error handling in prepare_to_relocate() - Patchwork		patchwork.kernel.org
[SECURITY] [DLA 3623-1] linux-5.10 security update	MLIST	lists.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

184731 Debian Security Update for linux (CVE-2023-3111)
199522 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6221-1)
199615 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6252-1)
199650 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6284-1)
199669 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6301-1)
355536 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2023-047
355545 Amazon Linux Security Advisory for kernel : ALAS2-2023-2100
355557 Amazon Linux Security Advisory for kernel : ALAS-2023-1773
378889 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0036)
378892 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0114)
379043 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0136)
6000136 Debian Security Update for linux (DLA 3508-1)
6000212 Debian Security Update for linux (DSA 5480-1)
6000265 Debian Security Update for linux-5.10 (DLA 3623-1)
754160 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2808-1)
754167 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2822-1)
754168 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2830-1)
755235 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4377-1)
755564 SUSE Security Update for the linux kernel (SUSE-SU-2023:4348-1)
907039 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (27087-1)