Bug 2221463 (CVE-2023-3567) - CVE-2023-3567 kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race
Summary: CVE-2023-3567 kernel: use after free in vcs_read in drivers/tty/vt/vc_screen....
Keywords:
Status: NEW
Alias: CVE-2023-3567
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2221467 2221468 2221465 2221466
Blocks: 2186438
TreeView+ depends on / blocked
 
Reported: 2023-07-09 09:15 UTC by Rohit Keshri
Modified: 2024-05-02 22:49 UTC (History)
46 users (show)

Fixed In Version: kernel 6.2-rc7
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:0688 0 None None None 2024-02-05 17:04:23 UTC
Red Hat Product Errata RHBA-2024:2634 0 None None None 2024-05-01 01:21:55 UTC
Red Hat Product Errata RHBA-2024:2650 0 None None None 2024-05-02 00:14:44 UTC
Red Hat Product Errata RHBA-2024:2686 0 None None None 2024-05-02 22:49:50 UTC
Red Hat Product Errata RHSA-2024:0412 0 None None None 2024-01-24 16:44:11 UTC
Red Hat Product Errata RHSA-2024:0431 0 None None None 2024-01-24 15:24:39 UTC
Red Hat Product Errata RHSA-2024:0432 0 None None None 2024-01-24 15:25:21 UTC
Red Hat Product Errata RHSA-2024:0439 0 None None None 2024-01-24 16:35:57 UTC
Red Hat Product Errata RHSA-2024:0448 0 None None None 2024-01-24 16:37:50 UTC
Red Hat Product Errata RHSA-2024:0575 0 None None None 2024-01-30 13:21:49 UTC
Red Hat Product Errata RHSA-2024:2394 0 None None None 2024-04-30 10:10:37 UTC

Description Rohit Keshri 2023-07-09 09:15:20 UTC 
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. In this flaw an attacker with local user access may ead to a system crash or a leak of internal kernel information.

Reference:
https://www.spinics.net/lists/stable-commits/msg285184.html
Comment 10 errata-xmlrpc 2024-01-24 15:24:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:0431 https://access.redhat.com/errata/RHSA-2024:0431
Comment 11 errata-xmlrpc 2024-01-24 15:25:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:0432 https://access.redhat.com/errata/RHSA-2024:0432
Comment 12 errata-xmlrpc 2024-01-24 16:35:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0439 https://access.redhat.com/errata/RHSA-2024:0439
Comment 13 errata-xmlrpc 2024-01-24 16:37:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0448 https://access.redhat.com/errata/RHSA-2024:0448
Comment 14 errata-xmlrpc 2024-01-24 16:44:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0412 https://access.redhat.com/errata/RHSA-2024:0412
Comment 15 errata-xmlrpc 2024-01-30 13:21:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:0575 https://access.redhat.com/errata/RHSA-2024:0575
Comment 17 errata-xmlrpc 2024-04-30 10:10:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394
Note You need to log in before you can comment on or make changes to this bug.