ZDI-CAN-20667: (Pwn2Own) Canonical Ubuntu tcindex Double-Free Local Privilege Escalation Vulnerability
First published: Thu Jul 06 2023(Updated: )
This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the tcindex module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.
| Affected Software | Affected Version | How to fix |
|---|---|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is ZDI-CAN-20667.
What is the severity level of ZDI-CAN-20667?
The severity level of ZDI-CAN-20667 is high with a CVSS score of 7.8.
Which software is affected by ZDI-CAN-20667?
ZDI-CAN-20667 affects Canonical Ubuntu.
How can an attacker exploit ZDI-CAN-20667?
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit ZDI-CAN-20667.
Is there a fix for ZDI-CAN-20667?
Yes, there is a fix available for ZDI-CAN-20667. Please refer to the provided references for more information.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-23-898
- alias/ZDI-CAN-20667
- alias/CVE-2023-1829
- agent/software-canonical-lookup
- collector/zdi-published
- vendor/canonical
- canonical/canonical ubuntu