CVE-2023-3297 - Use After Free vulnerability in Canonical Accountsservice and Ubuntu Linux
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
In Ubuntu's accountsservice, an unprivileged local attacker can trigger a use-after-free vulnerability by sending a D-Bus message to the accounts-daemon process.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297
- https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/
- https://ubuntu.com/security/notices/USN-6190-1