CVE-2023-3297
Ubuntu Security Notice USN-6190-1
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.
en Ubuntu AccountsService un atacante local no privilegiado puede desencadenar una vulnerabilidad de uso de memoria previamente liberada en accountsservice enviando mensajes D-Bus al accounts-daemon process.
USN-6190-1 fixed a vulnerability in AccountsService. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Kevin Backhouse discovered that AccountsService incorrectly handled certain D-Bus messages. A local attacker could use this issue to cause AccountsService to crash, resulting in a denial of service, or possibly execute arbitrary code.
*Credits:
Kevin Backhouse
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-06-16 CVE Reserved
- 2023-06-28 CVE Published
- 2024-09-30 CVE Updated
- 2024-09-30 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297 | Issue Tracking |
| URL | Date | SRC |
|---|---|---|
| https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182 | 2024-09-30 | |
| https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice | 2024-09-30 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://ubuntu.com/security/notices/USN-6190-1 | 2023-09-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Canonical Search vendor "Canonical" | Accountsservice Search vendor "Canonical" for product "Accountsservice" | < 23.13.9-2ubuntu2 Search vendor "Canonical" for product "Accountsservice" and version " < 23.13.9-2ubuntu2" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Canonical Search vendor "Canonical" | Accountsservice Search vendor "Canonical" for product "Accountsservice" | < 22.08.8-1ubuntu7.1 Search vendor "Canonical" for product "Accountsservice" and version " < 22.08.8-1ubuntu7.1" | - |
Affected
| in | Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 23.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "23.04" | - |
Safe
|
| Canonical Search vendor "Canonical" | Accountsservice Search vendor "Canonical" for product "Accountsservice" | < 22.08.8-1ubuntu7.1 Search vendor "Canonical" for product "Accountsservice" and version " < 22.08.8-1ubuntu7.1" | - |
Affected
| in | Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 22.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "22.10" | - |
Safe
|
| Canonical Search vendor "Canonical" | Accountsservice Search vendor "Canonical" for product "Accountsservice" | < 22.07.5-2ubuntu1.4 Search vendor "Canonical" for product "Accountsservice" and version " < 22.07.5-2ubuntu1.4" | - |
Affected
| in | Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 22.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "22.04" | lts |
Safe
|
| Canonical Search vendor "Canonical" | Accountsservice Search vendor "Canonical" for product "Accountsservice" | < 0.6.55-0ubuntu12\~20.04.6 Search vendor "Canonical" for product "Accountsservice" and version " < 0.6.55-0ubuntu12\~20.04.6" | - |
Affected
| in | Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04" | lts |
Safe
|
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 22.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "22.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 22.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "22.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 23.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "23.04" | - |
Affected
| ||||||