CVE-2023-52926

io_uring/rw: split io_read() into a helper

Time Line

Published

2024-03-19

Updated

2024-03-19

Firt exploit

2024-03-19

Overview

Descriptions (2)

NVD, TN

CWE (1)

CWE-416: Use After Free

CAPEC (-)

Risk

CVSS Score

7.8 High

SSVC

Track*

KEV

EPSS

Affected Products (-)

Vendors (1)

linux

Products (1)

linux_kernel

Versions (3)

< 6.1.122, < 6.6.68, < 6.7

Intel Resources (-)

Advisories (-)

Exploits (-)

Plugins (-)

References (3)

General (-)

Exploits & POcs (-)

Patches (3)

kernel

Advisories (-)

Summary

Descriptions

In the Linux kernel, the following vulnerability has been resolved: IORING_OP_READ did not correctly consume the provided buffer list when
read i/o returned < 0 (except for -EAGAIN and -EIOCBQUEUED return).
This can lead to a potential use-after-free when the completion via
io_rw_done runs at separate context.

In the Linux kernel, the following vulnerability has been resolved: IORING_OP_READ did not correctly consume the provided buffer list when read i/o returned < 0 (except for -EAGAIN and -EIOCBQUEUED return). This can lead to a potential use-after-free when the completion via io_rw_done runs at separate context.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-08-21 CVE Reserved
2025-02-24 CVE Published
2025-02-25 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free

CAPEC

Threat Intelligence Resources (0)

Advisories (0)
Exploits (0)

Security Advisory details:

Select an advisory to view details here.

Select	Title	Date

Select an exploit to view details here.

References (3)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/72060434a14caea20925e492310d6e680e3f9007	2024-12-27
https://git.kernel.org/stable/c/6c27fc6a783c8a77c756dd5461b15e465020d075	2024-12-27
https://git.kernel.org/stable/c/a08d195b586a217d76b42062f88f375a3eedda4d	2023-09-21

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.122 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.122"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.68 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.68"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.7 Search vendor "Linux" for product "Linux Kernel" and version " < 6.7"		en		Affected

CVE-2023-52926

io_uring/rw: split io_read() into a helper

Severity Score

Exploit Likelihood

Affected Versions

Public Exploits

Exploited in Wild

Decision

Summary

Descriptions

CVSS Scores

SSVC

Timeline

CWE

CAPEC

Threat Intelligence Resources (0)

References (3)

Affected Vendors, Products, and Versions