6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability
exists in the implementation of the file name reconstruction function,
which is responsible for reading file name entries from a directory index
and merging file name parts belonging to one file into a single long file
name. Since the file name characters are copied into a stack variable, a
local privileged attacker could use this flaw to overflow the kernel stack.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | linux | < 5.15.0-86.96 | UNKNOWN |
ubuntu | 23.04 | noarch | linux | < 6.2.0-34.34 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1047.52 | UNKNOWN |
ubuntu | 23.04 | noarch | linux-aws | < 6.2.0-1013.13 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1047.52~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.2 | < 6.2.0-1013.13~22.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1049.56 | UNKNOWN |
ubuntu | 23.04 | noarch | linux-azure | < 6.2.0-1014.14 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < 5.15.0-1049.56~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-6.2 | < 6.2.0-1014.14~22.04.1 | UNKNOWN |
access.redhat.com/security/cve/CVE-2023-4273
dfir.ru/2023/08/23/cve-2023-4273-a-vulnerability-in-the-linux-exfat-driver/
launchpad.net/bugs/cve/CVE-2023-4273
nvd.nist.gov/vuln/detail/CVE-2023-4273
security-tracker.debian.org/tracker/CVE-2023-4273
ubuntu.com/security/notices/USN-6343-1
ubuntu.com/security/notices/USN-6385-1
ubuntu.com/security/notices/USN-6412-1
ubuntu.com/security/notices/USN-6416-1
ubuntu.com/security/notices/USN-6416-2
ubuntu.com/security/notices/USN-6416-3
ubuntu.com/security/notices/USN-6445-1
ubuntu.com/security/notices/USN-6445-2
ubuntu.com/security/notices/USN-6466-1
www.cve.org/CVERecord?id=CVE-2023-4273