CVE-2023-45898

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published: Oct 16, 2023
Updated: Nov 7, 2023
CWE ID 416

Summary

CVE-2023-45898 is a newly disclosed vulnerability affecting Linux kernel versions prior to 6.5.4. It is a use-after-free condition in the ext4 file system, occurring in the ext4_es_insert_extent function in extents_status.c. Exploitation could potentially allow attackers to execute arbitrary code with kernel privileges, a serious security risk for affected systems. System administrators are advised to upgrade their Linux kernels as soon as possible to mitigate this vulnerability.
