PT-2023-2762 · Linux+1 · Linux Kernel+1

Tobias Holl

Publicado

2023-05-03

Atualizado

2025-09-29

CVE-2023-2598

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw was found in the fixed buffer registration code for io uring (io sqe buffer register in io uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation. The issue is related to the io uring subsystem and can lead to out-of-bounds read/write access to physical memory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

Out of bounds Read

Memory Corruption

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125CWE-787CWE-416

Identificadores relacionados

ALSA-2025_16880

ALT-PU-2023-1969

ALT-PU-2023-1994

AZL-27061

BDU:2023-02627

CVE-2023-2598

Produtos afetados

Alt Linux

Linux Kernel

PT-2023-2762 · Linux+1 · Linux Kernel+1

CVE-2023-2598

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 35