PT-2022-6784 · Linux+4 · Linux Kernel+4

Nicolas Wu +1 · Published 2022-05-22 · Updated 2026-02-19 · CVE-2023-21400

CVSS v3.1: 6.7 Medium

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is a possible kernel memory corruption caused by improper locking in multiple functions of io_uring.c. It could lead to local escalation of privilege in the kernel, with System execution privileges needed. User interaction is not needed for exploitation. The vulnerability can be exploited using the Dirty Pagetable technique, which enables arbitrary read/write access to physical memory. There have been reports of successful exploitation on Google Pixel 7 devices. The exploit's success rate is approximately 30%, a figure determined by the race condition in the vulnerability.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Weakness Enumeration

Related Identifiers

BDU:2023-04649
CVE-2023-21400
DLA-3623-1
DSA-5480-1
LSN-0098-1
OESA-2023-1666
OESA-2023-1667
OESA-2023-1668
OESA-2023-1669
OESA-2023-1670
OPENSUSE-SU-2023_3302-1
OPENSUSE-SU-2023_3311-1
OPENSUSE-SU-2023_3313-1
OPENSUSE-SU-2023_3318-1
OPENSUSE-SU-2023_3376-1
OPENSUSE-SU-2023_3377-1
OPENSUSE-SU-2023_3684-1
SUSE-SU-2023:3302-1
SUSE-SU-2023:3311-1
SUSE-SU-2023:3313-1
SUSE-SU-2023:3318-1
SUSE-SU-2023:3376-1
SUSE-SU-2023:3377-1
SUSE-SU-2023:3684-1
SUSE-SU-2023:3687-1
SUSE-SU-2023:3785-1
USN-6315-1
USN-6325-1
USN-6330-1
USN-6332-1
USN-6348-1
USN-7234-1
USN-7234-2
USN-7234-3
USN-7234-4
USN-7234-5
USN-7295-1
USN-7413-1

Affected Products

Astra Linux
Linux Mint
Linux Kernel
SUSE
Ubuntu