CVE-2023-1476 - OpenCVE

A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux Enterprise Linux Server Tus Enterprise Linux For Power Little Endian Enterprise Linux For Power Little Endian Eus Enterprise Linux Eus
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*

References

Link	Resource
https://access.redhat.com/errata/RHSA-2023:1659	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-1476	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2176035	Issue Tracking
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2	Mailing List Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2023-11-03T08:07:00.493Z

Updated: 2024-05-03T15:32:33.878Z

Reserved: 2023-03-17T16:28:58.171Z

Link: CVE-2023-1476

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-03T09:15:13.393

Modified: 2023-11-13T17:52:52.947

Link: CVE-2023-1476

JSON object: View

Redhat Information

No data.

CWE

CWE-416

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-1476", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-03-17T16:28:58.171Z", "datePublished": "2023-11-03T08:07:00.493Z", "dateUpdated": "2024-05-03T15:32:33.878Z"}, "containers": {"cna": {"title": "Kpatch: mm/mremap.c: incomplete fix for cve-2022-41222", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A use-after-free flaw was found in the Linux kernel\u2019s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "kpatch-patch", "cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:1659", "name": "RHSA-2023:1659", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-1476", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176035", "name": "RHBZ#2176035", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2"}], "datePublic": "2023-03-07T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "Use After Free", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-416: Use After Free", "timeline": [{"lang": "en", "time": "2023-03-07T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-03-07T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-05-03T15:32:33.878Z"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "202CAD0B-4BA5-4F2B-8C10-8290E5F5434C", "versionEndExcluding": "5.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "F91F9255-4EE1-43C7-8831-D2B6C228BFD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "F1CA946D-1665-4874-9D41-C7D963DD1F56", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A use-after-free flaw was found in the Linux kernel\u2019s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system."}, {"lang": "es", "value": "Se encontr\u00f3 una falla de use-after-free en el c\u00f3digo fuente de contabilidad del espacio de direcciones de memoria mm/mremap del kernel de Linux. Este problema ocurre debido a una condici\u00f3n de ejecuci\u00f3n entre rmap walk y mremap, lo que permite a un usuario local bloquear el sistema o potencialmente aumentar sus privilegios en el sistema."}], "id": "CVE-2023-1476", "lastModified": "2023-11-13T17:52:52.947", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2023-11-03T09:15:13.393", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:1659"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-1476"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176035"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "secalert@redhat.com", "type": "Secondary"}]}