CVE-2023-52654

io_uring/af_unix: disable sending io_uring over sockets

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring
in the past, and it still doesn't work exactly right and races with
unix_stream_read_generic(). The safest fix would be to completely
disallow sending io_uring files via sockets via SCM_RIGHT, so there
are no possible cycles invloving registered files and thus rendering
SCM accounting on the io_uring side unnecessary.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: io_uring/af_unix: deshabilita el envío de io_uring a través de sockets Los ciclos de referencia de archivos han causado muchos problemas para io_uring en el pasado, y todavía no funciona exactamente correctamente y corre con unix_stream_read_generic(). La solución más segura sería no permitir por completo el envío de archivos io_uring a través de sockets a través de SCM_RIGHT, de modo que no haya ciclos posibles que involucren archivos registrados y, por lo tanto, hagan innecesaria la contabilidad SCM en el lado io_uring.

In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix would be to completely disallow sending io_uring files via sockets via SCM_RIGHT, so there are no possible cycles invloving registered files and thus rendering SCM accounting on the io_uring side unnecessary.

There is a use-after-free condition in Linux io_uring due to a broken unix GC interaction.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-06 CVE Reserved
2024-05-09 CVE Published
2024-05-09 First Exploit
2024-12-19 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (14)

URL	Tag	Source
https://git.kernel.org/stable/c/04df9719df1865f6770af9bc7880874af0e594b2	Vuln. Introduced
https://git.kernel.org/stable/c/c378c479c5175833bb22ff71974cda47d7b05401	Vuln. Introduced
https://git.kernel.org/stable/c/813d8fe5d30388f73a21d3a2bf46b0a1fd72498c	Vuln. Introduced
https://git.kernel.org/stable/c/0091bfc81741b8d3aeb3b7ab8636f911b2de6e80	Vuln. Introduced
https://git.kernel.org/stable/c/b4293c01ee0d0ecdd3cb5801e13f62271144667a	Vuln. Introduced
https://git.kernel.org/stable/c/75e94c7e8859e58aadc15a98cc9704edff47d4f2	Vuln. Introduced

URL	Date	SRC
https://packetstorm.news/files/id/189862	2025-03-17
https://github.com/FoxyProxys/CVE-2023-52654	2024-05-09

URL	Date	SRC
https://git.kernel.org/stable/c/18824f592aad4124d79751bbc1500ea86ac3ff29	2023-12-13
https://git.kernel.org/stable/c/3fe1ea5f921bf5b71cbfdc4469fb96c05936610e	2023-12-13
https://git.kernel.org/stable/c/bcedd497b3b4a0be56f3adf7c7542720eced0792	2023-12-13
https://git.kernel.org/stable/c/f2f57f51b53be153a522300454ddb3887722fb2c	2023-12-13
https://git.kernel.org/stable/c/5a33d385eb36991a91e3dddb189d8679e2aac2be	2023-12-13
https://git.kernel.org/stable/c/705318a99a138c29a512a72c3e0043b3cd7f55f4	2023-12-07

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.220 < 5.4.264 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.220 < 5.4.264"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.150 < 5.10.204 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.150 < 5.10.204"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.75 < 5.15.143 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.75 < 5.15.143"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.1.68 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.1.68"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.6.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.6.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.19.17 Search vendor "Linux" for product "Linux Kernel" and version "5.19.17"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.0.3 Search vendor "Linux" for product "Linux Kernel" and version "6.0.3"		en		Affected