Vulnerability Description
A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 6.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2023-4394Issue TrackingThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2219263Issue TrackingPatchThird Party Advisory
- https://patchwork.kernel.org/project/linux-btrfs/patch/20220815151606.3479183-1-Mailing ListPatchVendor Advisory
- https://access.redhat.com/security/cve/CVE-2023-4394Issue TrackingThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2219263Issue TrackingPatchThird Party Advisory
- https://patchwork.kernel.org/project/linux-btrfs/patch/20220815151606.3479183-1-Mailing ListPatchVendor Advisory
FAQ
What is CVE-2023-4394?
CVE-2023-4394 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a sys...
How severe is CVE-2023-4394?
CVE-2023-4394 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-4394?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.