CVE-2023-3567 - OpenCVE

A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Linux	Linux Kernel
Redhat	Enterprise Linux Rhel Eus Rhev Hypervisor

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.2.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.2.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.2.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.2.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.2.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.2.0:rc6::::::

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts:::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.rt7.342.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:2950	2024-05-22T00:00:00Z
kernel-0:4.18.0-553.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:3138	2024-05-22T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
kernel-0:4.18.0-372.87.1.el8_6	cpe:/o:redhat:rhel_eus:8.6	RHSA-2024:0412	2024-01-25T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
kernel-0:4.18.0-477.43.1.el8_8	cpe:/o:redhat:rhel_eus:8.8	RHSA-2024:0575	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-427.13.1.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:2394	2024-04-30T00:00:00Z
kernel-0:5.14.0-427.13.1.el9_4	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:2394	2024-04-30T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
kernel-0:5.14.0-70.85.1.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2024:0432	2024-01-25T00:00:00Z
kernel-rt-0:5.14.0-70.85.1.rt21.156.el9_0	cpe:/a:redhat:rhel_eus:9.0::nfv	RHSA-2024:0431	2024-01-25T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.48.1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:0448	2024-01-25T00:00:00Z
kernel-rt-0:5.14.0-284.48.1.rt14.333.el9_2	cpe:/a:redhat:rhel_eus:9.2::nfv	RHSA-2024:0439	2024-01-25T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
kernel-0:4.18.0-372.87.1.el8_6	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2024:0412	2024-01-25T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:0412
https://access.redhat.com/errata/RHSA-2024:0431
https://access.redhat.com/errata/RHSA-2024:0432
https://access.redhat.com/errata/RHSA-2024:0439
https://access.redhat.com/errata/RHSA-2024:0448
https://access.redhat.com/errata/RHSA-2024:0575
https://access.redhat.com/errata/RHSA-2024:2394
https://access.redhat.com/errata/RHSA-2024:2950
https://access.redhat.com/errata/RHSA-2024:3138
https://access.redhat.com/security/cve/CVE-2023-3567
https://bugzilla.redhat.com/show_bug.cgi?id=2221463
https://nvd.nist.gov/vuln/detail/CVE-2023-3567
https://www.cve.org/CVERecord?id=CVE-2023-3567
https://www.spinics.net/lists/stable-commits/msg285184.html

History

Fri, 13 Sep 2024 19:45:00 +0000

Type	Values Removed	Values Added
References	http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-07-24T15:19:19.795Z

Updated: 2024-09-13T18:22:33.722Z

Reserved: 2023-07-09T09:05:56.937Z

Link: CVE-2023-3567

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-07-24T16:15:12.990

Modified: 2024-09-13T19:15:14.160

Link: CVE-2023-3567

Redhat

Severity : Moderate

Publid Date: 2023-01-14T00:00:00Z

Links: CVE-2023-3567 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object