CVE-2023-3567: Kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race
A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. In this flaw an attacker with local user access may ead to a system crash or a leak of internal kernel information.
Reference: https://www.spinics.net/lists/stable-commits/msg285184.html
Other sources
A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. This flaw allows an attacker with local user access to cause a system crash or leak internal kernel information.
A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
— Launchpad
Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a use-after-free flaw in the vcsread function in drivers/tty/vt/vcscreen.c in vcscreen. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain internal kernel information or cause the system to crash.
— IBM
Affected Software
Remediation
Patch Available
Event History
Frequently Asked Questions
What is the severity of CVE-2023-3567?
CVE-2023-3567 has been rated as a high severity vulnerability due to its potential to cause a system crash or leak internal kernel information.
How do I fix CVE-2023-3567?
To fix CVE-2023-3567, update to a kernel version that is 6.2 or later.
Which systems are affected by CVE-2023-3567?
CVE-2023-3567 affects various versions of the Linux Kernel, including 6.2 and earlier versions.
What type of vulnerability is CVE-2023-3567?
CVE-2023-3567 is a use-after-free vulnerability found in the vcs_read function within the Linux Kernel.
Can CVE-2023-3567 be exploited remotely?
No, CVE-2023-3567 requires local user access to exploit.