CVE-2023-52646

aio: fix mremap after fork null-deref

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

aio: fix mremap after fork null-deref

Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced
a null-deref if mremap is called on an old aio mapping after fork as
mm->ioctx_table will be set to NULL.

[jmoyer@redhat.com: fix 80 column issue]

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: aio: corrige mremap después de la bifurcación null-deref Commit e4a0d3e720e7 ("aio: Make it posible reasignar el anillo aio") introdujo un null-deref si se llama a mremap en un mapeo aio antiguo después de la bifurcación como mm->ioctx_table se establecerá en NULL. [jmoyer@redhat.com: soluciona el problema de 80 columnas]

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-06 CVE Reserved
2024-04-26 CVE Published
2024-04-27 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/e4a0d3e720e7e508749c1439b5ba3aff56c92976	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/808f1e4b5723ae4eda724d2ad6f6638905eefd95	2023-02-22
https://git.kernel.org/stable/c/d8dca1bfe9adcae38b35add64977818c0c13dd22	2023-02-22
https://git.kernel.org/stable/c/4326d0080f7e84fba775da41d158f46cf9d3f1c2	2023-02-22
https://git.kernel.org/stable/c/c261f798f7baa8080cf0214081d43d5f86bb073f	2023-02-22
https://git.kernel.org/stable/c/178993157e8c50aef7f35d7d6d3b44bb428199e1	2023-02-22
https://git.kernel.org/stable/c/af126acf01a12bdb04986fd26fc2eb3b40249e0d	2023-02-22
https://git.kernel.org/stable/c/81e9d6f8647650a7bead74c5f926e29970e834d1	2023-02-04

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 4.14.306 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.14.306"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 4.19.273 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.19.273"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 5.4.232 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 5.4.232"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 5.10.169 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 5.10.169"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 5.15.95 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 5.15.95"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 6.1.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 6.1.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 6.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 6.2"		en		Affected