CVE-2023-3141

2023-06-0900:00:00

ubuntu.com

cve-2023-3141

use-after-free flaw

media access

linux kernel

local attacker

device disconnect

kernel information leak

module unload

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

A use-after-free flaw was found in r592_remove in
drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw
allows a local attacker to crash the system at device disconnect, possibly
leading to a kernel information leak.

Notes

Author	Note
sbeattie	occurs on module unload, dropping priority to low. break commit is when the device driver was introduced; issue may have been introduced at some point later.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-214.225UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-156.173UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-79.86UNKNOWN
ubuntu23.04noarchlinux< 6.2.0-27.28UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-243.277UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1159.172UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1107.115UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1042.47UNKNOWN
ubuntu23.04noarchlinux-aws< 6.2.0-1009.9UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1121.127UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< 4.15.0-214.225	UNKNOWN
ubuntu	20.04	noarch	linux	< 5.4.0-156.173	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-79.86	UNKNOWN
ubuntu	23.04	noarch	linux	< 6.2.0-27.28	UNKNOWN
ubuntu	16.04	noarch	linux	< 4.4.0-243.277	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< 4.15.0-1159.172	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1107.115	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1042.47	UNKNOWN
ubuntu	23.04	noarch	linux-aws	< 6.2.0-1009.9	UNKNOWN
ubuntu	14.04	noarch	linux-aws	< 4.4.0-1121.127	UNKNOWN