PT-2022-6724 · Linux+6 · Linux Kernel+6

Querijn Voet

·

Published

2022-07-24

·

Updated

2024-11-21

·

CVE-2023-3389

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux Kernel versions prior to the commit ef7dfac51d8ed961b742218f526bd589f3900a59 Linux Kernel 5.10 versions prior to 4716c73b188566865bdd79c3a6709696a224ac04 Linux Kernel 5.15 versions prior to 0e388fce7aec40992eadee654193cad345d62663
Description A use-after-free vulnerability in the Linux Kernel io uring subsystem can be exploited to achieve local privilege escalation. Racing a io uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. This issue allows an attacker to potentially gain elevated privileges on a system.
Recommendations Upgrade past commit ef7dfac51d8ed961b742218f526bd589f3900a59 to fix the issue. For Linux Kernel 5.10, upgrade past commit 4716c73b188566865bdd79c3a6709696a224ac04. For Linux Kernel 5.15, upgrade past commit 0e388fce7aec40992eadee654193cad345d62663. As a temporary workaround, consider restricting access to the io uring subsystem until a patch is available.

Fix

LPE

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-662CWE-416

Related Identifiers

ALT-PU-2023-4145
ALT-PU-2023-4146
ALT-PU-2023-4401
ALT-PU-2023-4482
ALT-PU-2023-4663
ALT-PU-2023-5044
ALT-PU-2023-8461
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-27349
AZL-31612
BDU:2023-03727
CVE-2023-3389
DLA-3623-1
DSA-5480-1
LSN-0097-1
OESA-2023-1423
OESA-2023-1424
OESA-2023-1425
OPENSUSE-SU-2023_2871-1
OPENSUSE-SU-2023_2892-1
OPENSUSE-SU-2023_3302-1
SUSE-SU-2023:2803-1
SUSE-SU-2023:2820-1
SUSE-SU-2023:2831-1
SUSE-SU-2023:2871-1
SUSE-SU-2023:2892-1
SUSE-SU-2023:3302-1
USN-6246-1
USN-6248-1
USN-6249-1
USN-6250-1
USN-6255-1
USN-6260-1

Affected Products

Alt Linux
Astra Linux
Linux Kernel
Linuxmint
Red Os
Suse
Ubuntu