CVE-2023-2612

low-risk

Published 2023-05-31

Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock).

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.4/10 Medium

LOCAL / LOW complexity

Affected Products (3)

Ubuntu Linux

Affected Vendors

Canonical

References (14)

http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LS...

Mailing List https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/kinetic/commi...

Vendor Advisory https://ubuntu.com/security/CVE-2023-2612

Vendor Advisory https://ubuntu.com/security/notices/USN-6122-1

Vendor Advisory https://ubuntu.com/security/notices/USN-6123-1

Vendor Advisory https://ubuntu.com/security/notices/USN-6124-1

Vendor Advisory https://ubuntu.com/security/notices/USN-6127-1

http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LS...

Mailing List https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/kinetic/commi...

Vendor Advisory https://ubuntu.com/security/CVE-2023-2612

Vendor Advisory https://ubuntu.com/security/notices/USN-6122-1

Vendor Advisory https://ubuntu.com/security/notices/USN-6123-1

Vendor Advisory https://ubuntu.com/security/notices/USN-6124-1

Vendor Advisory https://ubuntu.com/security/notices/USN-6127-1

/ 100

low-risk

Severity 15/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 9/34 · Low