CVE-2023-49298

Summary

CVE-2023-49298 is a vulnerability affecting OpenZFS before version 2.1.14 and 2.2.x up to 2.2.1. In certain situations involving the efficient copying of file data, this issue can lead to the replacement of file contents with zero-valued bytes. This could potentially disable security mechanisms, although not always resulting in security-related consequences. An example of such a scenario involves the use of the 'cp' command from GNU Core Utilities when preserving rule sets for access control, such as with the /etc/hosts.deny file. This issue is less frequent in version 2.2.1 and occurs less often in versions before 2.1.4 due to their default configurations.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.