CVE-2023-3111
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Kernel | Kernel version prior to Kernel 6.0-rc2 | affected |
Weaknesses
- CWE-416: CWE-416
ADP Enrichment
CVE Program Container
Additional References
- https://patchwork.kernel.org/project/linux-btrfs/patch/20220721074829.2905233-1-r33s3n6%40gmail.com/
- https://security.netapp.com/advisory/ntap-20230703-0007/
- https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
- https://www.debian.org/security/2023/dsa-5480
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://patchwork.kernel.org/project/linux-btrfs/patch/20220721074829.2905233-1-r33s3n6%40gmail.com/
- https://security.netapp.com/advisory/ntap-20230703-0007/
- https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
- https://www.debian.org/security/2023/dsa-5480
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.