PT-2022-6542 · Linux+5 · Linux Kernel+5

Bing-Jhong Billy Jheng · Published 2022-04-07 · Updated 2024-04-03 · CVE-2023-1872

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified)
Description: A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. The io_file_get_fixed function does not hold ctx->uring_lock, so it can race with fixed files being unregistered, which leads to the use-after-free.
Recommendations: Upgrade past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8 to resolve the issue. As a temporary workaround, consider restricting access to io_uring to minimize the risk of exploitation.

Fix

LPE

Use After Free


Weakness Enumeration

Related Identifiers

ALT-PU-2022-1647
ALT-PU-2022-1730
ALT-PU-2022-1768
ALT-PU-2022-2155
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
AZL-26167
BDU:2023-02164
CVE-2023-1872
DLA-3404-1
LSN-0095-1
LSN-0102-1
OESA-2023-1265
OESA-2023-1268
SUSE-SU-2023:2146-1
SUSE-SU-2023:2147-1
SUSE-SU-2023:2148-1
SUSE-SU-2023:2401-1
SUSE-SU-2023:2405-1
SUSE-SU-2023:2416-1
SUSE-SU-2023:2423-1
SUSE-SU-2023:2448-1
USN-6044-1
USN-6051-1
USN-6070-1
USN-6107-1
USN-6133-1
USN-6134-1

Affected Products

Alt Linux
Astra Linux
Linux Kernel
Linuxmint
Suse
Ubuntu