CVE-2023-3269

Published on: Not Yet Published

Last Modified on: 09/08/2023 05:15:00 PM UTC

CVE-2023-3269

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Fedora from Fedoraproject contain the following vulnerability:

A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.

CVE-2023-3269 has been assigned by seca[email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.8 - HIGH

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
LOCAL	LOW	LOW	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	HIGH	HIGH	HIGH

CVE References

Description	Tags ^ⓘ	Link
oss-security - Re: Re: [MAINTAINERS SUMMIT] Handling of embargoed security issues -- [email protected] vs. linux-distros@	www.openwall.com text/html	MISC www.openwall.com/lists/oss-security/2023/08/25/1
oss-security - StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability	www.openwall.com text/html	MISC www.openwall.com/lists/oss-security/2023/07/05/1
2215268 – (CVE-2023-3269) CVE-2023-3269 kernel: distros-[DirtyVMA] Privilege escalation via non-RCU-protected VMA traversal	bugzilla.redhat.com text/html	MISC bugzilla.redhat.com/show_bug.cgi?id=2215268
[SECURITY] Fedora 37 Update: kernel-6.3.12-100.fc37 - package-announce - Fedora Mailing-Lists	lists.fedoraproject.org text/html	MISC lists.fedoraproject.org/archives/list/[email protected]/message/U6AAA64CUPSMBW6XDTXPQJ3KQWYQ4K7L/
cve-details	access.redhat.com text/html	MISC access.redhat.com/security/cve/CVE-2023-3269
oss-security - Re: StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability	www.openwall.com text/html	MISC www.openwall.com/lists/oss-security/2023/07/28/1
SecLists.Org Security Mailing List Archive	seclists.org text/html	MISC seclists.org/fulldisclosure/2023/Jul/43
oss-security - linux-distros list policy and Linux kernel, again	www.openwall.com text/html	MISC www.openwall.com/lists/oss-security/2023/08/25/4
CVE-2023-3269 Linux Kernel Vulnerability in NetApp Products \| NetApp Product Security	security.netapp.com text/html	MISC security.netapp.com/advisory/ntap-20230908-0001/

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

199606 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6249-1)
199608 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6250-1)
284301 Fedora Security Update for kernel (FEDORA-2023-2846d5650e)
284312 Fedora Security Update for kernel (FEDORA-2023-2932e6c7d8)
355562 Amazon Linux Security Advisory for kernel : ALAS2023-2023-234
907147 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (27407-1)
907216 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (27411-1)

Exploit/POC from Github

CVE-2023-3269: Linux kernel privilege escalation vulnerability

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	37	All	All	All
Operating System	Fedoraproject	Fedora	38	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*:
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*:
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@masami256	GitHub - lrh2000/StackRot: CVE-2023-3269: Linux kernel privilege escalation vulnerability github.com/lrh2000/StackR…	2023-07-05 12:42:34
@0xkol	StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability. Affects versions 6.1-6.4, when the red-b… twitter.com/i/web/status/1…	2023-07-05 13:52:57
@luiscosio	StackRot (CVE-2023-3269): vulnerabilidad de escalada de privilegios del kernel de Linux - openwall.com/lists/oss-secu… #netsec #cybersecurity	2023-07-05 14:37:05
@the_yellow_fall	CVE-2023-3269: Linux Kernel Privilege Escalation Vulnerability securityonline.info/cve-2023-3269-… #opensource #infosec #security #pentesting	2023-07-05 14:40:38
@_r_netsec	StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability openwall.com/lists/oss-secu…	2023-07-05 14:43:05
@andersonc0d3	StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability seclists.org/oss-sec/2023/q…	2023-07-05 14:50:26
@oss_security	StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability: Posted by Ruihan Li on Jul 05Hi all,… twitter.com/i/web/status/1…	2023-07-05 14:51:02
@olouhaidia	StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability bit.ly/44f1J9C	2023-07-05 15:29:18
@abclinuxu	Lokální eskalace práv v Linuxu: CVE-2023-3269 aneb StackRot ift.tt/QUScZm6	2023-07-05 15:34:56
@Komodosec	#Vulnerability #CVE20233269 CVE-2023-3269: Linux Kernel Privilege Escalation Vulnerability securityonline.info/cve-2023-3269-…	2023-07-05 17:01:34
@jcorrius	StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability: github.com/lrh2000/StackR…	2023-07-05 19:26:50
@omokazuki	SIOSセキュリティブログを更新しました。 Linux Kernelの特権昇格の脆弱性(Important: StackRot ( CVE-2023-3269) ) #sios_tech #security… twitter.com/i/web/status/1…	2023-07-06 01:26:36
@itit7777	IT関連サイト記事が更新されました！記事はこちらから⇒ Linux Kernelの特権昇格の脆弱性(Important: StackRot ( CVE-2023-3269) ) security.sios.jp/vulnerability/…	2023-07-06 02:03:35
@Sekurak	StackRot (CVE-2023-3269) - podatność umożliwiająca lokalną eskalację uprawnień do root/kernel na Linuksie Do końca… twitter.com/i/web/status/1…	2023-07-06 07:35:21
@PSantavy	StackRot: Linux kernel privilege escalation vulnerability github.com/lrh2000/StackR… #CVE-2023-3269 Fixed in 6.4.1, 6.… twitter.com/i/web/status/1…	2023-07-06 10:30:38
@TheHackersNews	New #Linux kernel vulnerability uncovered → StackRot (CVE-2023-3269) opens doors to unauthorized elevated privilege… twitter.com/i/web/status/1…	2023-07-06 10:58:23
@IT_news_for_all	New Linux kernel vulnerability uncovered → StackRot (CVE-2023-3269) opens doors to unauthorized elevated privileges… twitter.com/i/web/status/1…	2023-07-06 10:58:43
@EduardKovacs	A new Linux kernel vulnerability tracked as StackRot and CVE-2023-3269 shows the exploitability of use-after-free-… twitter.com/i/web/status/1…	2023-07-06 10:58:43
@jvquantum	TheHackersNews: New #Linux kernel vulnerability uncovered → StackRot (CVE-2023-3269) opens doors to unauthorized el… twitter.com/i/web/status/1…	2023-07-06 11:02:46
@golinkco	New #Linux kernel vulnerability uncovered → StackRot (CVE-2023-3269) opens doors to unauthorized elevated privilege… twitter.com/i/web/status/1…	2023-07-06 11:04:43
@StephenCherrym	New #Linux kernel vulnerability uncovered → StackRot (CVE-2023-3269) opens doors to unauthorized elevated privilege… twitter.com/i/web/status/1…	2023-07-06 11:04:47
@paulagualda	Nova vulnerabilidade do kernel Linux descoberta → StackRot (CVE-2023-3269) abre portas para privilégios elevados nã… twitter.com/i/web/status/1…	2023-07-06 11:26:47
@0xedeon	Spread the news & update your systems: CVE-2023-3269 has a CVSS score of 7.8 & needs to be patched! #StackRot… twitter.com/i/web/status/1…	2023-07-06 11:52:56
@skunkcyberteam	A new Linux kernel vulnerability tracked as StackRot and CVE-2023-3269 shows the exploitability of use-after-free-b… twitter.com/i/web/status/1…	2023-07-06 12:28:04
@ohhara_shiojiri	"Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evi… twitter.com/i/web/status/1…	2023-07-06 12:54:02
@srslypascal	@grumpy_copilot Debian Stable hat Kernel 6.1 und ist daher betroffen: security-tracker.debian.org/tracker/CVE-20…	2023-07-06 12:58:01
@Sergiy3301	Security flaw in Linux kernel uncovered--StackRot (CVE-2023-3269, CVSS score: 7.8). Could allow user to gain elevat… twitter.com/i/web/status/1…	2023-07-06 13:15:33
@__kokumoto	Linuxカーネルにおける深刻な権限昇格の新たな脆弱性StackRot/CVE-2023-3269についての技術的情報が明らかになっている。6/15発見で、バージョン6.1-6.4に影響。安定版カーネルへのパッチは7/1に提供され… twitter.com/i/web/status/1…	2023-07-06 13:16:23
@betterhn20	StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability github.com/lrh2000/StackR… (news.ycombinator.com/item?id=366148…)	2023-07-06 13:37:12
@jreuben1	StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability github.com/lrh2000/StackR…	2023-07-06 13:43:45
@winsontang	StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability github.com/lrh2000/StackR…	2023-07-06 14:01:04
@betterhn50	StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability github.com/lrh2000/StackR… (news.ycombinator.com/item?id=366148…)	2023-07-06 14:46:06
@hackernewsj	StackRot (CVE-2023-3269): Linux カーネル権限昇格の脆弱性 github.com/lrh2000/StackR…	2023-07-06 14:47:57
@Komodosec	#security #linux StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability openwall.com/lists/oss-secu…	2023-07-06 15:02:32
@lgomezperu	@TheHackersNews New #Linux kernel vulnerability uncovered → StackRot (CVE-2023-3269) opens doors to unauthorized el… twitter.com/i/web/status/1…	2023-07-06 16:06:01
@gikogang	研究者が新しい Linux カーネル「StackRot」権限昇格の脆弱性を発見新しい Linux カーネルの脆弱性が発見されました。StackRot (CVE-2023-3269) は、不正な昇格された特権への扉を開きます。 twitter.com/TheHackersNews…	2023-07-06 17:13:46
@YourAnonRiots	New #Linux kernel vulnerability uncovered → StackRot (CVE-2023-3269) opens doors to unauthorized elevated privilege… twitter.com/i/web/status/1…	2023-07-06 17:35:00
@cyb3rops	StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability affecting Kernel 6.1 - 6.4 openwall.com/lists/oss-secu…	2023-07-06 17:50:23
@lewisevans2007	Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. No evidence of e… twitter.com/i/web/status/1…	2023-07-06 18:36:47
@t31m0	StackRot: vulnerabilidad crítica en Linux kernel 6.1 (CVE-2023-3269) blog.segu-info.com.ar/2023/07/stackr…	2023-07-06 21:39:44
@cati3910	New Linux kernel vulnerability uncovered → StackRot (CVE-2023-3269) opens doors to unauthorized elevated privileges. bleepingcomputer.com/news/security/…	2023-07-07 01:11:40
@HackerNewsZh	StackRot（CVE-2023-3269）：Linux内核特权升级漏洞 StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability ?… twitter.com/i/web/status/1…	2023-07-07 03:00:04
@fletch_ai	Fletch Top Threat Alert: New StackRot Linux kernel flaw allows privilege escalation - #CVE-2023-3269 #FletchScore… twitter.com/i/web/status/1…	2023-07-07 05:07:00
@Dinosn	StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability github.com/lrh2000/StackR…	2023-07-07 05:52:56
@yoshiks	StackRot(CVE-2023-3269): Linux kernel privilege escalation vulnerability: news.ycombinator.com/item?id=366148…	2023-07-07 10:35:49
@hack_git	CVE-2023-3269 Linux kernel privilege escalation vulnerability. github.com/lrh2000/StackR… #cve #cybersecurity… twitter.com/i/web/status/1…	2023-07-07 12:15:21
@akaclandestine	#exploit 1. rax30 patch diff analysis & nday exploit for zdi-23-496 blog.coffinsec.com/nday/2023/05/1… 2. CVE-2023-3269: Linu… twitter.com/i/web/status/1…	2023-07-07 12:35:57
@ksg93rd	#exploit 1. rax30 patch diff analysis & nday exploit for zdi-23-496 blog.coffinsec.com/nday/2023/05/1… 2. CVE-2023-3269: Linu… twitter.com/i/web/status/1…	2023-07-07 12:41:44
@Tinolle1955	CVE-2023-3269: #Linux kernel privilege escalation vulnerability github.com/lrh2000/StackR…	2023-07-07 14:19:59
@cipherstorm	What You Need to Know About StackRot – CVE-2023-3269: StackRot, identified as CVE-2023-3269 is a 7.8 HIGH use-after… twitter.com/i/web/status/1…	2023-07-07 16:12:04
@ricardolanda	“A security flaw has been identified in the Linux kernel called “stockRot” (CVE-2023-3269).” lnkd.in/gHArcjde	2023-07-07 16:27:30
@JinibaBD	?⚠️? What You Need to Know About #StackRot – CVE-2023-3269✅ #cybersecurity #cyberthreats #darkweb #databreaches… twitter.com/i/web/status/1…	2023-07-07 16:41:13
@OWNGER_HACK	CVE-2023-3269 Linux kernel privilege escalation vulnerability. github.com/lrh2000/StackR… #cve #cybersecurity… twitter.com/i/web/status/1…	2023-07-07 17:35:51
@77_rickson	oss-sec: StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability seclists.org/oss-sec/2023/q…	2023-07-07 19:42:49
@oss_security	Re: StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability: Posted by Solar Designer on Jul 07Th… twitter.com/i/web/status/1…	2023-07-07 22:58:03
@opsmatters_uk	The latest update for #Rezilion includes "What You Need to Know About StackRot – CVE-2023-3269" and "#AppSec and So… twitter.com/i/web/status/1…	2023-07-07 23:56:27
@0xdea	#StackRot (CVE-2023-3269): #Linux #kernel privilege escalation #vulnerability openwall.com/lists/oss-secu…	2023-07-08 08:01:29
@bot_for_devs	8. StackRot CVE-2023-3269: Linux kernel privilege escalation vulnerability github.com/lrh2000/StackR…	2023-07-08 13:38:50
@InfoSecUSA	What You Need to Know About StackRot – CVE-2023-3269 securityboulevard.com/2023/07/what-y…	2023-07-08 23:02:12
@marimo_linux	Linuxカーネルに権限昇格の脆弱性StackRot/CVE-2023-3269が出ていたのでカスタムLinuxを更新しておいた。 GitHubにて今月末までに完全情報公開される模様で影響範囲等詳細はそちらで見れます。他の国産Linuxは対応やってるのかな。	2023-07-09 06:41:04
@bot_for_devs	8. StackRot CVE-2023-3269: Linux kernel privilege escalation vulnerability github.com/lrh2000/StackR…	2023-07-09 13:38:50
@TheSecMaster1	StackRot (CVE-2023-3269):# Linux kernel privilege escalation #vulnerability Read Details: github.com/lrh2000/StackR…… twitter.com/i/web/status/1…	2023-07-09 18:37:24
@hnakamur2	「Linuxのバージョン6.1から6.4に影響を与える可能性があり」「深刻度は重要(High)」だそうです。 UbuntuのCVE-2023-3269のページ ubuntu.com/security/CVE-2… だとカーネルが6.1よ… twitter.com/i/web/status/1…	2023-07-09 19:39:51
@KuniSuzaki	Memo Linuxカーネルに重大な脆弱性「StackRot」、ただちに確認を掲載日 2023/07/09 news.mynavi.jp/techplus/artic… CVE-2023-3269の影響はバージョン6.1から6.4… twitter.com/i/web/status/1…	2023-07-09 23:43:25
@x86q	StackRot ( CVE-2023-3269)の脆弱性、影響あるかなって調べたけど、自分のサーバーのカーネルバージョンは5.4系だったので関係なかった	2023-07-10 00:59:24
@x86q	Needs triageだったりするし微妙？ CVE-2023-3269 \| Ubuntu ubuntu.com/security/CVE-2…	2023-07-10 01:02:10
@ockeghem	StackRot（CVE-2023-3269）はLinuxカーネルの脆弱性。Linuxのバージョン6.1から6.4に影響を与える可能性があり、Red HatによるCVSSv3のスコア値では7.8と分類され、深刻度は重要(High)… twitter.com/i/web/status/1…	2023-07-10 06:49:47
@ockeghem	StackRot（CVE-2023-3269）は現行RHELでは影響なし。これはRHELのカーネルが古めであるため / “cve-details” htn.to/v55ogDUkq4	2023-07-10 06:51:53
@ockeghem	StackRot（CVE-2023-3269）はUbuntuの場合、最新の23.04Lunar のみ影響を受ける。LTSでは影響なし。 / “CVE-2023-3269 \| Ubuntu” htn.to/6aq7iG89SK	2023-07-10 06:56:06
@ockeghem	DebianはStackRot（CVE-2023-3269）に影響があるのは最新のDebian12 bookworm のみ。既にパッチが提供されているので早期の適用を。 / “CVE-2023-3269” htn.to/2oeZtwr9dA	2023-07-10 06:56:19
@ockeghem	Amazon Linux 2023はStackRot（CVE-2023-3269）の影響あり。このページに対処方法が記載されている。 / “ALAS2023-2023-234” htn.to/3LXiMx27fs	2023-07-10 07:26:37
@ockeghem	StackRot（CVE-2023-3269）の影響を受ける環境、主要ディストロのLTSだとDebian12くらいですが、現実的にはAmazon Linux 2023が一番多そうですね。僕も一つ該当したので反射的にアップデートしま… twitter.com/i/web/status/1…	2023-07-10 07:30:12
@vuldb	A lot of offensive activities were identified targeting Linux Kernel (CVE-2023-3269) vuldb.com/?ctiid.232986	2023-07-10 08:04:32
@shimariso	Ubuntu 22.10まではLinux 5.xなので対象外 Ubuntu 23.04は Linux 6.2なので対象になるはず ubuntu.com/security/CVE-2…	2023-07-10 09:47:37
@HackHeadlines_	A newly discovered security flaw in the Linux kernel, called StackRot (CVE-2023-3269), has been revealed, potential… twitter.com/i/web/status/1…	2023-07-10 10:27:13
@shimariso	Linuxカーネル6.1の権限昇格バグ(CVE-2023-3269)、Ubuntuでは優先度「中」の扱いになった模様。 ubuntu.com/security/CVE-2…	2023-07-10 22:21:08
@lcheylus	Researchers uncover a newly identified security flaw in the Linux kernel named "StackRot" (CVE-2023-3269) that coul… twitter.com/i/web/status/1…	2023-07-11 07:05:00
@FabianRODES	@lcheylus PoC de la CVE-2023-3269 publé avant fin juillet ! La faille #StackRot risque de faire des dégâts cet été… twitter.com/i/web/status/1…	2023-07-11 07:24:45
@n0ipr0cs	GitHub - lrh2000/StackRot: CVE-2023-3269: Linux kernel privilege escalation vulnerability github.com/lrh2000/StackR…	2023-07-11 10:56:27
@CVEreport	CVE-2023-3269 : A vulnerability exists in the memory management subsystem of the #Linux #kernel. The lock handling… twitter.com/i/web/status/1…	2023-07-11 12:03:56
@Robo_Alerts	Potentially Critical CVE Detected! CVE-2023-3269 A vulnerability exists in the memory management subsystem of the L… twitter.com/i/web/status/1…	2023-07-11 13:11:24
@_r_netsec	StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability openwall.com/lists/oss-secu…	2023-07-12 05:58:05
@cracbot	CVE-2023-3269 (CVSS:7.8, HIGH) is Awaiting Analysis. A vulnerability exists in the memory management subsystem of t… twitter.com/i/web/status/1…	2023-07-12 06:00:30
@fluidattacks	Dubbed StackRot (#CVE-2023-3269, CVSS score: 7.8), the flaw impacts #Linux versions 6.1 through 6.4. There is no ev… twitter.com/i/web/status/1…	2023-07-12 17:25:00
@TheSecMaster1	How to Fix CVE-2023-3269- StackRot #Vulnerability in #Linux #Kernel? Read Details: thesecmaster.com/how-to-fix-cve…… twitter.com/i/web/status/1…	2023-07-12 19:30:11
/r/netsec	StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability	2023-07-05 14:35:14
/r/RedSec	StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability	2023-07-05 17:57:55
/r/lowlevel	StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability	2023-07-05 20:35:16
/r/hypeurls	StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability	2023-07-06 14:26:12
/r/bag_o_news	StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability	2023-07-07 07:30:43
/r/Action1	Patch Tuesday July 2023	2023-07-11 17:35:13
/r/linkersec	StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability	2023-08-06 01:39:12