CVE-2023-4389 : A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesy

A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information.

Published 2023-08-16 19:15:10

Updated 2023-12-22 17:14:53

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2023-4389

Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.15.35
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.7 and before (<) 5.10.112
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.16 and before (<) 5.17.4
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-4389

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 2 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-4389

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.1	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H	1.8	5.2	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: High
7.0	HIGH	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	1.0	5.9	Red Hat, Inc.
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-4389

CWE-415 Double Free

The product calls free() twice on the same memory address.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-4389

https://access.redhat.com/security/cve/CVE-2023-4389

CVE-2023-4389- Red Hat Customer Portal
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2219271

2219271 – (CVE-2023-4389) CVE-2023-4389 kernel: btrfs: double free in btrfs_get_root_ref()
Issue Tracking;Third Party Advisory
https://patchwork.kernel.org/project/linux-btrfs/patch/20220324134454.15192-1-baijiaju1990@gmail.com/

fs: btrfs: fix possible use-after-free bug in error handling code of btrfs_get_root_ref() - Patchwork
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-4389

Products affected by CVE-2023-4389

Exploit prediction scoring system (EPSS) score for CVE-2023-4389

CVSS scores for CVE-2023-4389

CWE ids for CVE-2023-4389

References for CVE-2023-4389