CVE-2023-3212
Public on 2023-06-14
Modified on 2024-04-23
Description
A flaw in the Linux Kernel found in the GFS2 file system. On corrupted gfs2 file systems the evict code can try to reference the journal descriptor structure, jdesc, after it has been freed and set to NULL. It can lead to null pointer dereference when gfs2_trans_begin being called and then fail ingfs2_evict_inode().
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | kernel | Not Affected | ||
| Amazon Linux 2 - Core | kernel | 2023-09-27 | ALAS2-2023-2268 | Fixed |
| Amazon Linux 2 - Kernel-5.10 Extra | kernel | 2023-06-21 | ALAS2KERNEL-5.10-2023-034 | Fixed |
| Amazon Linux 2 - Kernel-5.15 Extra | kernel | 2023-06-21 | ALAS2KERNEL-5.15-2023-021 | Fixed |
| Amazon Linux 2 - Kernel-5.4 Extra | kernel | 2023-08-17 | ALAS2KERNEL-5.4-2023-051 | Fixed |
| Amazon Linux 2 - Kernel-5.4 Extra | kernel | 2023-09-27 | ALAS2KERNEL-5.4-2023-054 | Fixed |
| Amazon Linux 2023 | kernel | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| NVD | CVSSv3 | 4.4 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |