CVE-2023-3397
Summary
| CVE | CVE-2023-3397 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-11-01 20:15:00 UTC |
|---|
| Updated | 2023-11-09 15:09:00 UTC |
|---|
| Description | A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information. |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Operating System |
Linux |
Linux Kernel |
- |
All |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| 2217271 – (CVE-2023-3397) CVE-2023-3397 kernel: slab-use-after-free Write in txEnd due to race condition |
MISC |
bugzilla.redhat.com |
|
| [PATCH] fs/jfs: Add a mutex named txEnd_lmLogClose_mutex to prevent a race condition between txEnd and lmLogClose functions — Linux Kernel |
MISC |
www.spinics.net |
|
| cve-details |
MISC |
access.redhat.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 356736 Amazon Linux Security Advisory for kernel : ALAS2-2023-2340
- 356744 Amazon Linux Security Advisory for kernel : ALAS-2023-1883
- 356874 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2023-056
- 356887 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2023-043
- 6140019 AWS Bottlerocket Security Update for kernel (GHSA-r7gg-6g8h-2h2x)
- 6140190 AWS Bottlerocket Security Update for kernel (GHSA-r7gg-6g8h-2h2x)
