CVE-2023-3397

7.0 HIGH

📋 TL;DR

A race condition vulnerability in the JFS filesystem of the Linux kernel allows local attackers with standard user privileges to cause a system crash (kernel panic) or potentially leak kernel memory information. This affects Linux systems using the JFS filesystem. Attackers need local access but no special privileges.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific affected versions vary by distribution. Check vendor advisories for exact ranges.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if a JFS filesystem is mounted or in use. Many distributions don't use JFS by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

System crash leading to denial of service, or kernel memory information disclosure that could aid further exploitation.

🟠 Likely Case

Local denial of service through system crash/kernel panic.

🟢 If Mitigated

Minimal impact if JFS filesystem is not in use or proper access controls limit local user privileges.

🌐 Internet-Facing: LOW - Requires local access, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local users can cause system crashes, but requires JFS usage.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and race condition triggering between specific kernel functions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check your distribution's security updates. Kernel fixes available upstream.

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2023-3397

Restart Required: Yes

Instructions:

1. Update the Linux kernel via your distribution's package manager.
2. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable JFS filesystem

linux

Prevent mounting or using JFS filesystem to eliminate attack surface.

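# Unmount any JFS partitions
umount -a -t jfs
# Remove the JFS kernel module (fails while a JFS filesystem is still mounted)
rmmod jfs
# Blacklist the module so it is not auto-loaded again
echo 'blacklist jfs' >> /etc/modprobe.d/blacklist.conf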

🧯 If You Can't Patch

  • Restrict local user access to systems using JFS filesystem
  • Implement strict privilege separation and limit user capabilities

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the JFS module is loaded:

uname -r && lsmod | grep jfs

Check Version:

uname -r

Verify Fix Applied:

After updating and rebooting, confirm that uname -r reports the updated kernel version. If JFS was disabled as a workaround, also confirm that the jfs module is not loaded.
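
A scripted form of the checks above, as an added example rather than code from the advisory. It also covers cases lsmod alone misses (JFS built into the kernel, or mounted); the status labels and the MOUNTS, MODULES, FILESYSTEMS and MODPROBE_D override variables are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a host's JFS exposure.
# Paths default to the live system; the override variables are assumptions
# of this example so the checks can run against sample files.
MOUNTS=${MOUNTS:-/proc/mounts}
MODULES=${MODULES:-/proc/modules}
FILESYSTEMS=${FILESYSTEMS:-/proc/filesystems}
MODPROBE_D=${MODPROBE_D:-/etc/modprobe.d}

# Succeeds if any line of file $1 has whitespace-separated field $2 equal to "jfs".
has_jfs() {
    awk -v f="$2" '$f == "jfs" { hit = 1 } END { exit !hit }' "$1" 2>/dev/null
}

# Field 3 of /proc/mounts is the filesystem type.
jfs_mounted() { has_jfs "$MOUNTS" 3; }

# Field 1 of /proc/modules is the module name (the same data lsmod prints).
jfs_module_loaded() { has_jfs "$MODULES" 1; }

# /proc/filesystems lists every registered filesystem, built in or modular.
# jfs is a block-device filesystem, so its line has no "nodev" prefix.
jfs_registered() { has_jfs "$FILESYSTEMS" 1; }

# Succeeds if a modprobe.d file blacklists jfs or overrides its install command.
jfs_load_blocked() {
    cat "$MODPROBE_D"/*.conf 2>/dev/null |
        grep -Eq '^[[:space:]]*(blacklist|install)[[:space:]]+jfs([[:space:]]|$)'
}

# Print one status label, most exposed state first.
jfs_exposure() {
    if jfs_mounted; then echo "IN_USE"               # a JFS filesystem is mounted
    elif jfs_module_loaded; then echo "LOADED_UNUSED" # module loaded, nothing mounted
    elif jfs_registered; then echo "BUILT_IN"         # compiled in; rmmod cannot remove it
    elif jfs_load_blocked; then echo "BLOCKED"        # not loaded, modprobe.d blocks it
    else echo "NOT_BLOCKED"                           # not loaded, nothing prevents loading
    fi
}

echo "JFS exposure: $(jfs_exposure)"
```

BLOCKED reflects modprobe.d configuration only: a blacklist entry stops automatic loading, but root can still load the module with an explicit modprobe jfs, whereas an install jfs /bin/false line makes that explicit modprobe fail as well.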

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • System crash/reboot events
  • JFS-related error messages

Network Indicators:

  • None - local exploitation only

SIEM Query:

Search for kernel panic or system crash events on Linux systems with JFS filesystem.
