{"api_version":"1","generated_at":"2026-04-23T14:57:41+00:00","cve":"CVE-2023-3397","urls":{"html":"https://cve.report/CVE-2023-3397","api":"https://cve.report/api/cve/CVE-2023-3397.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-3397","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-3397"},"summary":{"title":"CVE-2023-3397","description":"A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-11-01 20:15:00","updated_at":"2023-11-09 15:09:00"},"problem_types":["CWE-362"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2217271","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2217271","refsource":"MISC","tags":[],"title":"2217271 – (CVE-2023-3397) CVE-2023-3397 kernel: slab-use-after-free Write in txEnd due to race condition","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.spinics.net/lists/kernel/msg4788636.html","name":"https://www.spinics.net/lists/kernel/msg4788636.html","refsource":"MISC","tags":[],"title":"[PATCH] fs/jfs: Add a mutex named txEnd_lmLogClose_mutex to prevent a race  condition between txEnd and lmLogClose functions — Linux Kernel","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/security/cve/CVE-2023-3397","name":"https://access.redhat.com/security/cve/CVE-2023-3397","refsource":"MISC","tags":[],"title":"cve-details","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-3397","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3397","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"3397","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-3397","qid":"356736","title":"Amazon Linux Security Advisory for kernel : ALAS2-2023-2340"},{"cve":"CVE-2023-3397","qid":"356744","title":"Amazon Linux Security Advisory for kernel : ALAS-2023-1883"},{"cve":"CVE-2023-3397","qid":"356874","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2023-056"},{"cve":"CVE-2023-3397","qid":"356887","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2023-043"},{"cve":"CVE-2023-3397","qid":"6140019","title":"AWS Bottlerocket Security Update for kernel (GHSA-r7gg-6g8h-2h2x)"},{"cve":"CVE-2023-3397","qid":"6140190","title":"AWS Bottlerocket Security Update for kernel (GHSA-r7gg-6g8h-2h2x)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-3397","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Use After Free","cweId":"CWE-416"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"kernel","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}},{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"Red Hat Enterprise Linux 6","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unknown"}}]}},{"product_name":"Red Hat Enterprise Linux 7","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}},{"product_name":"Red Hat Enterprise Linux 8","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}},{"product_name":"Red Hat Enterprise Linux 9","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}}]}},{"vendor_name":"Fedora","product":{"product_data":[{"product_name":"Fedora","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}}]}},"references":{"reference_data":[{"url":"https://access.redhat.com/security/cve/CVE-2023-3397","refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2023-3397"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2217271","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2217271"},{"url":"https://www.spinics.net/lists/kernel/msg4788636.html","refsource":"MISC","name":"https://www.spinics.net/lists/kernel/msg4788636.html"}]},"work_around":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-11-01 20:15:00","lastModifiedDate":"2023-11-09 15:09:00","problem_types":["CWE-362"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":1,"impactScore":5.2}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}