PT-2021-7639 · Linux+1 · Linux Kernel+1

Published

2020-12-18

Updated

2023-03-10

CVE-2023-0240

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.10.161

Description The issue is related to a logic error in the io uring implementation, which can trigger a use-after-free vulnerability leading to privilege escalation. In the io prep async work function, the assumption that the last io grab identity call cannot return false is not true. If it does return false, the function will use the init cred or the previous linked requests identity to do operations instead of using the current identity, leading to reference counting issues and use-after-free.

Recommendations To resolve the issue, upgrade past version 5.10.161.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2020-3536

ALT-PU-2020-3553

ALT-PU-2020-3571

ALT-PU-2021-1083

ALT-PU-2021-1105

ALT-PU-2021-1446

ALT-PU-2021-1621

ALT-PU-2021-1656

ALT-PU-2021-1739

ALT-PU-2021-1862

ALT-PU-2021-1866

ALT-PU-2021-1870

BDU:2023-00628

CVE-2023-0240

DLA-3349-1

OESA-2023-1144

OESA-2023-1157

Affected Products

Alt Linux

Linux Kernel

PT-2021-7639 · Linux+1 · Linux Kernel+1

CVE-2023-0240

Weakness Enumeration

Related Identifiers

Affected Products

References · 28