CVE-2023-37454 - Vulnerability Details - OpenCVE

An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-37454
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f861765464f43a71462d52026fbddfc858239a5
https://lore.kernel.org/all/00000000000056e02f05dfb6e11a%40google.com/T/
https://nvd.nist.gov/vuln/detail/CVE-2023-37454
https://syzkaller.appspot.com/bug?extid=26873a72980f8fa8bc55
https://syzkaller.appspot.com/bug?extid=60864ed35b1073540d57
https://syzkaller.appspot.com/bug?extid=61564e5023b7229ec85d
https://www.cve.org/CVERecord?id=CVE-2023-37454

History

Wed, 20 Nov 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-07-06T00:00:00

Updated: 2024-11-20T19:45:54.146Z

Reserved: 2023-07-06T00:00:00

Link: CVE-2023-37454

Vulnrichment

Updated: 2024-08-02T17:16:30.359Z

NVD

Status : Modified

Published: 2023-07-06T17:15:14.240

Modified: 2024-11-21T08:11:44.337

Link: CVE-2023-37454

Redhat

Severity : Low

Publid Date: 2023-05-24T00:00:00Z

Links: CVE-2023-37454 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-37454", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-20T19:45:54.146Z", "dateReserved": "2023-07-06T00:00:00", "datePublished": "2023-07-06T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-25T00:41:56.237993"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://lore.kernel.org/all/00000000000056e02f05dfb6e11a%40google.com/T/"}, {"url": "https://syzkaller.appspot.com/bug?extid=60864ed35b1073540d57"}, {"url": "https://syzkaller.appspot.com/bug?extid=61564e5023b7229ec85d"}, {"url": "https://syzkaller.appspot.com/bug?extid=26873a72980f8fa8bc55"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-37454"}, {"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f861765464f43a71462d52026fbddfc858239a5"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:16:30.359Z"}, "title": "CVE Program Container", "references": [{"url": "https://lore.kernel.org/all/00000000000056e02f05dfb6e11a%40google.com/T/", "tags": ["x_transferred"]}, {"url": "https://syzkaller.appspot.com/bug?extid=60864ed35b1073540d57", "tags": ["x_transferred"]}, {"url": "https://syzkaller.appspot.com/bug?extid=61564e5023b7229ec85d", "tags": ["x_transferred"]}, {"url": "https://syzkaller.appspot.com/bug?extid=26873a72980f8fa8bc55", "tags": ["x_transferred"]}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-37454", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f861765464f43a71462d52026fbddfc858239a5", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-20T19:45:43.468060Z", "id": "CVE-2023-37454", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T19:45:54.146Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lore.kernel.org/all/00000000000056e02f05dfb6e11a%40google.com/T/", "tags": ["x_transferred"]}, {"url": "https://syzkaller.appspot.com/bug?extid=60864ed35b1073540d57", "tags": ["x_transferred"]}, {"url": "https://syzkaller.appspot.com/bug?extid=61564e5023b7229ec85d", "tags": ["x_transferred"]}, {"url": "https://syzkaller.appspot.com/bug?extid=26873a72980f8fa8bc55", "tags": ["x_transferred"]}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-37454", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f861765464f43a71462d52026fbddfc858239a5", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:16:30.359Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-37454", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-20T19:45:43.468060Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T19:45:49.423Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://lore.kernel.org/all/00000000000056e02f05dfb6e11a%40google.com/T/"}, {"url": "https://syzkaller.appspot.com/bug?extid=60864ed35b1073540d57"}, {"url": "https://syzkaller.appspot.com/bug?extid=61564e5023b7229ec85d"}, {"url": "https://syzkaller.appspot.com/bug?extid=26873a72980f8fa8bc55"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-37454"}, {"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f861765464f43a71462d52026fbddfc858239a5"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-25T00:41:56.237993"}}}, "cveMetadata": {"cveId": "CVE-2023-37454", "state": "PUBLISHED", "dateUpdated": "2024-11-20T19:45:54.146Z", "dateReserved": "2023-07-06T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-07-06T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF02ABCB-0811-4AB3-A07B-FDE9C2529C6F", "versionEndIncluding": "6.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this."}], "id": "CVE-2023-37454", "lastModified": "2024-11-21T08:11:44.337", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-06T17:15:14.240", "references": [{"source": "cve@mitre.org", "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-37454"}, {"source": "cve@mitre.org", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f861765464f43a71462d52026fbddfc858239a5"}, {"source": "cve@mitre.org", "url": "https://lore.kernel.org/all/00000000000056e02f05dfb6e11a%40google.com/T/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://syzkaller.appspot.com/bug?extid=26873a72980f8fa8bc55"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://syzkaller.appspot.com/bug?extid=60864ed35b1073540d57"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://syzkaller.appspot.com/bug?extid=61564e5023b7229ec85d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-37454"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f861765464f43a71462d52026fbddfc858239a5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lore.kernel.org/all/00000000000056e02f05dfb6e11a%40google.com/T/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://syzkaller.appspot.com/bug?extid=26873a72980f8fa8bc55"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://syzkaller.appspot.com/bug?extid=60864ed35b1073540d57"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://syzkaller.appspot.com/bug?extid=61564e5023b7229ec85d"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: udf: use-after-free write in udf_close_lvid", "id": "2221038", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221038"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this.", "A use-after-free flaw was found in the UDF file system in the Linux kernel. This issue could allow a malicious user to crash the system, resulting in a denial of service."], "name": "CVE-2023-37454", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-05-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-37454\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37454"], "statement": "This flaw can only be triggered by directly writing to the UDF filesystem's underlying block device while it is mounted. Because block devices have restrictive permissions by default, this flaw has been rated as having a security impact of Low.", "threat_severity": "Low"}