CVE-2023-2598
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.
Se encontró una falla en el código de registro de búfer fijo para io_uring (io_sqe_buffer_register en io_uring/rsrc.c) en el kernel de Linux que permite el acceso fuera de los límites a la memoria física más allá del final del búfer. Esta falla permite la escalada completa de privilegios locales.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-05-09 CVE Reserved
- 2023-06-01 CVE Published
- 2023-06-01 EPSS Updated
- 2023-11-23 First Exploit
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
- CWE-787: Out-of-bounds Write
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2024/04/24/3 | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20230703-0006 | Third Party Advisory |
|
| https://www.openwall.com/lists/oss-security/2023/05/08/3 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/ysanatomic/io_uring_LPE-CVE-2023-2598 | 2023-11-23 | |
| https://github.com/cainiao159357/CVE-2023-2598 | 2024-08-31 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.3 < 6.3.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.3.2" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Baseboard Management Controller Search vendor "Netapp" for product "Hci Baseboard Management Controller" | h300s Search vendor "Netapp" for product "Hci Baseboard Management Controller" and version "h300s" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Baseboard Management Controller Search vendor "Netapp" for product "Hci Baseboard Management Controller" | h410c Search vendor "Netapp" for product "Hci Baseboard Management Controller" and version "h410c" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Baseboard Management Controller Search vendor "Netapp" for product "Hci Baseboard Management Controller" | h410s Search vendor "Netapp" for product "Hci Baseboard Management Controller" and version "h410s" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Baseboard Management Controller Search vendor "Netapp" for product "Hci Baseboard Management Controller" | h500s Search vendor "Netapp" for product "Hci Baseboard Management Controller" and version "h500s" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Baseboard Management Controller Search vendor "Netapp" for product "Hci Baseboard Management Controller" | h700s Search vendor "Netapp" for product "Hci Baseboard Management Controller" and version "h700s" | - |
Affected
| ||||||