Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-31642.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-31642
Upstream
Published
2023-09-06T14:15:12Z
Modified
2026-04-01T05:10:18.156909Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
CVE-2023-4622 affecting package hyperv-daemons for versions less than 5.15.135.1-1
Details

A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation.

The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.

We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.

References

Affected packages

Azure Linux:2 / hyperv-daemons

Package

Name
hyperv-daemons
Purl
pkg:rpm/azure-linux/hyperv-daemons

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.15.135.1-1

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-31642.json"