Vulnerabilities > CVE-2023-3297 - Use After Free vulnerability in Canonical Accountsservice and Ubuntu Linux

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

canonical

CWE-416

NVD

Published: 2023-09-01

Updated: 2023-09-07

Summary

In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.

Vulnerable Configurations

Part	Description	Count
Application	Canonical Canonical Accountsservice 0.6.14 Canonical Accountsservice 0.6.55-0Ubuntu12\~20.04 Canonical Accountsservice 0.6.55-0Ubuntu12\~20.04.6 Canonical Accountsservice 0.6.55-0Ubuntu12\~20.05 Canonical Accountsservice 0.6.55-0Ubuntu13 Canonical Accountsservice 0.6.55-0Ubuntu13.3 Canonical Accountsservice 0.6.55-0Ubuntu14 Canonical Accountsservice 0.6.55-0Ubuntu14.1 Canonical Accountsservice 22.07.5-2Ubuntu1.4 Canonical Accountsservice 22.08.8-1Ubuntu7.1	10
OS	Linux Linux Linux Kernel -	1
OS	Canonical Canonical Ubuntu Linux 23.04 Canonical Ubuntu Linux 22.10 Canonical Ubuntu Linux 22.04 Canonical Ubuntu Linux 20.04	4

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References