CVE-2023-3269 HIGH

CVE-2023-3269: Distros-[dirtyvma] privilege escalation via non-rcu-protected vma traversal

Vendor N/A
Product kernel
Weakness CWE-416
Published July 11, 2023
Last update March 5, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.

Key dates

02Disclosure timeline

July 11, 2023 CVE published
March 5, 2025 Record updated