In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Canonical
  • Accountsservice
  • Ubuntu Linux
Linux
  • Linux Kernel

Configuration 1 [-]

AND
cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*

Configuration 4 [-]

AND
cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*

Configuration 5 [-]

AND
cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

Configuration 6 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*

No data.

References
Link Providers
https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182 cve-icon cve-icon
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-3297 cve-icon
https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/ cve-icon cve-icon
https://ubuntu.com/security/notices/USN-6190-1 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-3297 cve-icon
History

Mon, 30 Sep 2024 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2023-09-01T20:49:43.576Z

Updated: 2024-09-30T20:19:08.943Z

Reserved: 2023-06-16T14:50:30.269Z

Link: CVE-2023-3297

cve-icon Vulnrichment

Updated: 2024-08-02T06:48:08.431Z

cve-icon NVD

Status : Modified

Published: 2023-09-01T21:15:07.977

Modified: 2024-11-21T08:16:57.257

Link: CVE-2023-3297

cve-icon Redhat

Severity : Important

Publid Date: 2023-06-28T00:00:00Z

Links: CVE-2023-3297 - Bugzilla