CVE-2023-4394

CVSS 3.1 Score 6.0 of 10 (medium)

Details

Published Aug 17, 2023
Updated: Nov 7, 2023
CWE ID 400
CWE ID 416

Summary

CVE-2023-4394 is a use-after-free vulnerability in the btrfs_get_dev_args_from_path function in fs/btrfs/volumes.c of the Linux kernel. An attacker with special privileges can exploit this flaw to crash the system or leak sensitive internal kernel information. A use-after-free occurs when memory that has already been freed is accessed again, leading to unpredictable behavior and potential security risks. The vulnerability affects the Btrfs filesystem and poses a significant threat to local systems if exploited successfully.
