CVE-2023-2598

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw was found in the fixed buffer registration code for io uring (io sqe buffer register in io uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation. The issue is related to the io uring subsystem and can lead to out-of-bounds read/write access to physical memory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

Out of bounds Read

Memory Corruption

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-787CWE-416

Related Identifiers

ALSA-2025_16880

ALT-PU-2023-1969

ALT-PU-2023-1994

AZL-27061

BDU:2023-02627

CVE-2023-2598

Affected Products

Alt Linux

Linux Kernel

CVE-2023-2598

Weakness Enumeration

Related Identifiers

Affected Products

References · 35