Use After Free in Fedora
CVE-2023-3269
A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploi…
Vulnerability class: Use-After-Free
EPSS: 0.002 (48.1th percentile).
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H.
Affected products
Weakness classification (CWE)
Public proof-of-concept exploits
References
- access.redhat.com/security/cve/CVE-2023-3269 (vdb-entry, x_refsource_REDHAT)
- RHBZ#2215268 (issue-tracking, x_refsource_REDHAT)
- www.openwall.com/lists/oss-security/2023/07/05/1
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
- seclists.org/fulldisclosure/2023/Jul/43
- www.openwall.com/lists/oss-security/2023/07/28/1
- www.openwall.com/lists/oss-security/2023/08/25/1
- www.openwall.com/lists/oss-security/2023/08/25/4
- security.netapp.com/advisory/ntap-20230908-0001/
Frequently asked questions
- What is CVE-2023-3269?
  - CVE-2023-3269 is a high-severity vulnerability in Fedora, classified under Use After Free. CVSS score: 7.8/10. Published 2023-07-11.
- How severe is CVE-2023-3269?
  - High severity. CVSS v3 base score is 7.8 out of 10.
- Is CVE-2023-3269 known to be exploited?
  - 22 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.