2218566 – (CVE-2023-3297) CVE-2023-3297 accountsservice: use-after-free via a D-Bus message to the accounts-daemon process

Bug 2218566 (CVE-2023-3297) - CVE-2023-3297 accountsservice: use-after-free via a D-Bus message to the accounts-daemon process

Summary: CVE-2023-3297 accountsservice: use-after-free via a D-Bus message to the acco...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2023-3297
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2218567 2218581 2218582 2218583 2218584 2218585 2218822 2218823 2218824 2218825 2218826 2218827 2218828
Blocks:	2218568
TreeView+	depends on / blocked

Reported:	2023-06-29 14:14 UTC by Guilherme de Almeida Suckevicz
Modified:	2023-06-30 19:16 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2023-06-30 19:16:46 UTC
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2023-06-29 14:14:49 UTC

An unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.

References:
https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182
https://packetstormsecurity.com/files/173189/USN-6190-1.txt

Comment 1 Guilherme de Almeida Suckevicz 2023-06-29 14:15:04 UTC

Created accountsservice tracking bugs for this issue:

Affects: fedora-all [bug 2218567]

Note You need to log in before you can comment on or make changes to this bug.