Updated: 2023-09-08
CWE: CWE-416
Description:
A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.
CVSS3: 7.8
| OS | Vendor version | Errata |
|---|---|---|
| Debian 12 | 6.1.37-1 | DSA-5448-1 |
| Amazon Linux 2023 | 6.1.34-59.116.amzn2023 | ALAS2023-2023-234 |
| OS | Original kernel version | State |
|---|---|---|
| Debian 12 | |
Ready For Release |
| Amazon Linux 2023 | |
Planned |