CVE-2023-4273
Kernel: exfat: stack overflow in exfat_get_uniname_from_ext_entry
Vexday Risk Score
13 (Low)
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS: 6 | EPSS: 0.7% | KEV: no | PoC: — | Nuclei: — | Metasploit: — | Patch referenced
Lifecycle
09 Aug 2023: Published in NVD
Recommendation: Monitor; no sign of exploitation at this time.
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Affected products
Red Hat · Red Hat Enterprise Linux 6
Red Hat · Red Hat Enterprise Linux 7
Red Hat · Red Hat Enterprise Linux 8
Red Hat · Red Hat Enterprise Linux 9
References
https://access.redhat.com/errata/RHSA-2023:6583
https://access.redhat.com/security/cve/CVE-2023-4273
https://bugzilla.redhat.com/show_bug.cgi?id=2221609
https://dfir.ru/2023/08/23/cve-2023-4273-a-vulnerability-in-the-linux-exfat-driver/
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/344H6HO6SSC4KT7PDFXSDIXKMKHISSGF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TYLSJ2SAI7RF56ZLQ5CQWCJLVJSD73Q/
https://security.netapp.com/advisory/ntap-20231027-0002/
https://www.debian.org/security/2023/dsa-5480
https://www.debian.org/security/2023/dsa-5492