CVE-2023-1252

HIGH

Linux Kernel 5.6-5.10.79 - Use-After-Free in Ext4 OverlayFS

Title source: llm

Description

A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 ("ovl: fix use after free in struct ovl_aio_req") not applied yet, the kernel could be affected.

References (2)

Core 2

Core References

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230505-0005/

Mailing List

https://lore.kernel.org/lkml/20211115165433.449951285%40linuxfoundation.org/

Scores

CVSS v3 7.8

EPSS 0.0022

EPSS Percentile 12.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (1)

linux/linux_kernel 5.6 - 5.10.80

Published Mar 23, 2023

Tracked Since Feb 18, 2026