CVE-2023-52656

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: io_uring: elimina cualquier código relacionado con SCM_RIGHTS. Este es un código inactivo después de que dejamos de admitir el paso de io_uring fds sobre SCM_RIGHTS, deshazte de él.

A flaw was found in the Linux kernel that addresses the removal of dead code related to `SCM_RIGHTS` support within the `io_uring`. This code was deemed unnecessary after the kernel dropped the ability to pass `io_uring` file descriptors over `SCM_RIGHTS`. The vulnerability was assigned CVE status due to removing this code, which was part of a cleanup process following the resolution of a previous CVE (CVE-2023-52654).

In the Linux kernel, the following vulnerability has been resolved: io_uring: drop any code related to SCM_RIGHTS This is dead code after we dropped support for passing io_uring fds over SCM_RIGHTS, get rid of it.

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.