PT-2023-6737 · Linux+7 · Linux Kernel+7

J51569436

·

Published

2023-10-25

·

Updated

2024-12-19

·

CVE-2023-46862

CVSS v3.1

4.7

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 6.5.9
Description An issue in the Linux kernel is related to a NULL pointer dereference in the io uring show fdinfo() function within the io uring/fdinfo.c module. This occurs due to a race condition with SQ thread exit, potentially leading to a denial of service. The exploitation of this issue may allow an attacker to cause a service disruption.
Recommendations For Linux kernel versions through 6.5.9, as a temporary workaround, consider disabling the io uring show fdinfo() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-476

Related Identifiers

ALSA-2024:2394
ALT-PU-2023-7472
ALT-PU-2024-1031
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-31816
BDU:2023-07513
CVE-2023-46862
DLA-3711-1
DSA-5594-1
INFSA-2024_2394
OESA-2023-1797
OESA-2023-1798
OESA-2023-1799
OPENSUSE-SU-2023_4730-1
OPENSUSE-SU-2023_4731-1
OPENSUSE-SU-2023_4732-1
OPENSUSE-SU-2023_4734-1
OPENSUSE-SU-2023_4782-1
RHSA-2024:2394
RHSA-2024_2394
SUSE-SU-2023:4730-1
SUSE-SU-2023:4731-1
SUSE-SU-2023:4732-1
SUSE-SU-2023:4734-1
SUSE-SU-2023:4782-1
SUSE-SU-2023:4810-1
USN-6533-1
USN-6624-1
USN-6652-1
USN-6686-1
USN-6686-2
USN-6686-3
USN-6686-4
USN-6686-5
USN-6705-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu