CVE-2023-4622

NameCVE-2023-4622
DescriptionA use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3623-1, DLA-3710-1, DSA-5492-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)buster4.19.249-2vulnerable
buster (security)4.19.304-1fixed
bullseye5.10.209-2fixed
bullseye (security)5.10.205-2fixed
bookworm6.1.76-1fixed
bookworm (security)6.1.85-1fixed
sid, trixie6.7.12-1fixed
linux-5.10 (PTS)buster (security)5.10.209-2~deb10u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcebuster4.19.304-1DLA-3710-1
linuxsourcebullseye5.10.197-1
linuxsourcebookworm6.1.52-1DSA-5492-1
linuxsource(unstable)6.4.13-1
linux-5.10sourcebuster5.10.197-1~deb10u1DLA-3623-1

Notes

https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c
Search for package or bug name: Reporting problems