CVE-2023-2612
MEDIUMUbuntu Linux - Denial of Service via shiftfs Inode Locking Race Condition
Title source: llmDescription
Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock).
References (7)
Core 7
Core References
Mailing List, Patch patch
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/kinetic/commit/?id=02b47547824b1cd0d55c6744f91886f04de8947e
Vendor Advisory vendor-advisory
https://ubuntu.com/security/CVE-2023-2612
Vendor Advisory vendor-advisory
https://ubuntu.com/security/notices/USN-6122-1
Vendor Advisory vendor-advisory
https://ubuntu.com/security/notices/USN-6123-1
Vendor Advisory vendor-advisory
https://ubuntu.com/security/notices/USN-6124-1
Vendor Advisory vendor-advisory
https://ubuntu.com/security/notices/USN-6127-1
Exploit, Third Party Advisory
http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html
Scores
CVSS v3
4.4
EPSS
0.0002
EPSS Percentile
6.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-667
Status
published
Products (3)
canonical/ubuntu_linux
20.04
canonical/ubuntu_linux
22.04
canonical/ubuntu_linux
22.10
Published
May 31, 2023
Tracked Since
Feb 18, 2026