PT-2021-7676 · Linux+3 · Linux Kernel+3
Published: 2021-02-21 · Updated: 2024-12-24
CVE-2023-23586
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.10.161
Description
A vulnerability in the io_uring subsystem can leak kernel memory information to the user process. The timens_install function calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads. This allows a time namespace's vvar page to be inserted into the process's memory space via a page fault. When the time namespace is destroyed, the vvar page is freed but not removed from the process's memory, and a subsequent page allocated by the kernel can leak memory contents via this read-only use-after-free vulnerability.
Recommendations
To resolve the issue, upgrade past version 5.10.161 or apply the commit 788d0824269bef539fe31a785b1517882eafed93. As a temporary workaround, consider restricting access to the io_uring subsystem until a patch is available.
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linux Kernel
Suse