CVE-2023-2124

2023-05-1500:00:00

ubuntu.com

cve-2023-2124

memory access flaw

xfs file system

system crash

privilege escalation

corrupt filesystem image

unix

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

An out-of-bounds memory access flaw was found in the Linux kernel’s XFS
file system in how a user restores an XFS image after failure (with a dirty
log journal). This flaw allows a local user to crash or potentially
escalate their privileges on the system.

Notes

Author	Note
cascardo	requires a corrupt filesystem image

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-214.225UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-156.173UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-79.86UNKNOWN
ubuntu23.04noarchlinux< 6.2.0-25.25UNKNOWN
ubuntu23.10noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu16.04noarchlinux< 4.4.0-243.277UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1159.172UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1107.115UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1042.47UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< 4.15.0-214.225	UNKNOWN
ubuntu	20.04	noarch	linux	< 5.4.0-156.173	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-79.86	UNKNOWN
ubuntu	23.04	noarch	linux	< 6.2.0-25.25	UNKNOWN
ubuntu	23.10	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	16.04	noarch	linux	< 4.4.0-243.277	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< 4.15.0-1159.172	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1107.115	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1042.47	UNKNOWN