CVE-2023-3269

CVE	CVE-2023-3269
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-07-11 12:15:00 UTC
Updated	2023-11-07 04:18:00 UTC
Description	A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.

Problem Types: CWE-416

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	37	All	All	All
Operating System	Fedoraproject	Fedora	38	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	6.4	-	All	All
Operating System	Linux	Linux Kernel	6.4	rc1	All	All
Operating System	Linux	Linux Kernel	6.4	rc2	All	All
Operating System	Linux	Linux Kernel	6.4	rc3	All	All
Operating System	Linux	Linux Kernel	6.4	rc4	All	All
Operating System	Linux	Linux Kernel	6.4	rc5	All	All
Operating System	Linux	Linux Kernel	6.4	rc6	All	All
Operating System	Linux	Linux Kernel	6.4	rc7	All	All
Operating System	Redhat	Enterprise Linux	6.0	All	All	All
Operating System	Redhat	Enterprise Linux	7.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux	9.0	All	All	All

Reference	Source	Link	Tags
oss-security - Re: Re: [MAINTAINERS SUMMIT] Handling of embargoed security issues -- [email protected] vs. linux-distros@	MISC	www.openwall.com
oss-security - StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability	MISC	www.openwall.com
2215268 – (CVE-2023-3269) CVE-2023-3269 kernel: distros-[DirtyVMA] Privilege escalation via non-RCU-protected VMA traversal	MISC	bugzilla.redhat.com
[SECURITY] Fedora 37 Update: kernel-6.3.12-100.fc37 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
cve-details	MISC	access.redhat.com
oss-security - Re: StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability	MISC	www.openwall.com
SecLists.Org Security Mailing List Archive	MISC	seclists.org
oss-security - linux-distros list policy and Linux kernel, again	MISC	www.openwall.com
CVE-2023-3269 Linux Kernel Vulnerability in NetApp Products \| NetApp Product Security	MISC	security.netapp.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

199606 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6249-1)
199608 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6250-1)
284301 Fedora Security Update for kernel (FEDORA-2023-2846d5650e)
284312 Fedora Security Update for kernel (FEDORA-2023-2932e6c7d8)
355562 Amazon Linux Security Advisory for kernel : ALAS2023-2023-234
6000207 Debian Security Update for linux (DSA 5448-1)
907147 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (27407-1)
907216 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (27411-1)