CVE-2023-2612: 
Linux Ubuntu vulnerability analysis and mitigation

Jean-Baptiste Cayrou discovered a race condition vulnerability (CVE-2023-2612) in the shiftfs file system of the Ubuntu Linux kernel. The vulnerability was disclosed on May 30, 2023, affecting multiple Ubuntu Linux distributions including versions 20.04 LTS, 22.04 LTS, and 22.10. The issue specifically occurs when handling inode locking in certain situations (Ubuntu CVE).

The vulnerability stems from a race condition in the shiftfs file system when handling inode locking operations. The issue specifically involves improper locking mechanisms when accessing inode methods, which could lead to lock unbalance when certain methods are not implemented. A fix was implemented to ensure proper acquisition of the inode lock of loweridiriop when accessing its methods (Launchpad Patch). The vulnerability has been assigned a CVSS 3.1 Base Score of 4.7 (Medium) by NIST NVD (NVD).

The vulnerability can be exploited by a local attacker to cause a denial of service condition through kernel deadlock. This could potentially affect system availability and stability (Ubuntu CVE).

Ubuntu has released security updates to address this vulnerability across multiple affected versions. Users are advised to update their systems to the patched versions. For Ubuntu 22.04 LTS, this includes updating to linux-image-5.15.0-73-generic version 5.15.0-73.80 and other corresponding kernel packages. After updating, a system reboot is required to apply the changes (Ubuntu Security Notice).