Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2023-3212

Public on 2023-06-14
Modified on 2024-01-11
Description

A flaw in the Linux Kernel found in the GFS2 file system. On corrupted gfs2 file systems the evict code can try to reference the journal descriptor structure, jdesc, after it has been freed and set to NULL. It can lead to null pointer dereference when gfs2_trans_begin being called and then fail ingfs2_evict_inode().

Severity
Medium
See what this means
CVSS v3 Base Score
6.7
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 - Core kernel 2023-09-27 22:48 ALAS2-2023-2268
Amazon Linux 2 - Kernel-5.10 Extra kernel 2023-06-21 19:12 ALAS2KERNEL-5.10-2023-034
Amazon Linux 2 - Kernel-5.15 Extra kernel 2023-06-21 19:12 ALAS2KERNEL-5.15-2023-021
Amazon Linux 2 - Kernel-5.4 Extra kernel 2023-08-17 17:04 ALAS2KERNEL-5.4-2023-051
Amazon Linux 2 - Kernel-5.4 Extra kernel 2023-09-27 22:59 ALAS2KERNEL-5.4-2023-054

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv3 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

Red Hat: CVE-2023-3212 Mitre: CVE-2023-3212 FAQs regarding Amazon Linux ALAS/CVE Severity