CVE-2023-4394

Public on 2023-08-17
Modified on 2024-06-28
Description
A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information
Severity
Medium severity
Medium
CVSS v3 Base Score
6.7
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 kernel Not Affected
Amazon Linux 2 - Core kernel Not Affected
Amazon Linux 2 - Kernel-5.10 Extra kernel Not Affected
Amazon Linux 2 - Kernel-5.4 Extra kernel Not Affected
Amazon Linux 2 - Kernel-5.15 Extra kernel 2022-09-30 ALAS2KERNEL-5.15-2022-008 Fixed
Amazon Linux 2023 kernel Pending Fix

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv3 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H