Description
Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock).
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- Canonical Ltd. / ubuntu-linux0 – 02b47547824b1cd0d55c6744f91886f04de8947e
References
- MISChttps://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/kinetic/commit/?id=02b47547824b1cd0d55c6744f91886f04de8947e
- VENDOR_ADVISORYhttps://ubuntu.com/security/CVE-2023-2612
- VENDOR_ADVISORYhttps://ubuntu.com/security/notices/USN-6122-1
- VENDOR_ADVISORYhttps://ubuntu.com/security/notices/USN-6123-1
- VENDOR_ADVISORYhttps://ubuntu.com/security/notices/USN-6124-1
- VENDOR_ADVISORYhttps://ubuntu.com/security/notices/USN-6127-1
- EXPLOIThttp://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html