CVE-2023-1032

The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032	Third Party Advisory
https://ubuntu.com/security/notices/USN-5977-1	Third Party Advisory
https://ubuntu.com/security/notices/USN-6024-1	Third Party Advisory
https://ubuntu.com/security/notices/USN-6033-1	Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/03/13/2	Mailing List Third Party Advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032	Third Party Advisory
https://ubuntu.com/security/notices/USN-5977-1	Third Party Advisory
https://ubuntu.com/security/notices/USN-6024-1	Third Party Advisory
https://ubuntu.com/security/notices/USN-6033-1	Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/03/13/2	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc1::::::

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:22.10::::-:::

History

21 Nov 2024, 07:38

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.5~~	v2 : unknown v3 : 4.7
References	~~() https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032 - Third Party Advisory~~	() https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032 - Third Party Advisory
References	~~() https://ubuntu.com/security/notices/USN-5977-1 - Third Party Advisory~~	() https://ubuntu.com/security/notices/USN-5977-1 - Third Party Advisory
References	~~() https://ubuntu.com/security/notices/USN-6024-1 - Third Party Advisory~~	() https://ubuntu.com/security/notices/USN-6024-1 - Third Party Advisory
References	~~() https://ubuntu.com/security/notices/USN-6033-1 - Third Party Advisory~~	() https://ubuntu.com/security/notices/USN-6033-1 - Third Party Advisory
References	~~() https://www.openwall.com/lists/oss-security/2023/03/13/2 - Mailing List, Third Party Advisory~~	() https://www.openwall.com/lists/oss-security/2023/03/13/2 - Mailing List, Third Party Advisory

11 Jan 2024, 18:39

Type	Values Removed	Values Added
CPE		cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts::: cpe:2.3:o:linux:linux_kernel:6.3:rc1:::::: cpe:2.3:o:canonical:ubuntu_linux:22.10::::-::: cpe:2.3:o:linux:linux_kernel::::::::
First Time		Linux Canonical Linux linux Kernel Canonical ubuntu Linux
CWE		CWE-415
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://ubuntu.com/security/notices/USN-5977-1 -~~	() https://ubuntu.com/security/notices/USN-5977-1 - Third Party Advisory
References	~~() https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032 -~~	() https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032 - Third Party Advisory
References	~~() https://ubuntu.com/security/notices/USN-6024-1 -~~	() https://ubuntu.com/security/notices/USN-6024-1 - Third Party Advisory
References	~~() https://www.openwall.com/lists/oss-security/2023/03/13/2 -~~	() https://www.openwall.com/lists/oss-security/2023/03/13/2 - Mailing List, Third Party Advisory
References	~~() https://ubuntu.com/security/notices/USN-6033-1 -~~	() https://ubuntu.com/security/notices/USN-6033-1 - Third Party Advisory

08 Jan 2024, 19:30

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-08 19:15

Updated : 2024-11-21 07:38

NVD link : CVE-2023-1032

Mitre link : CVE-2023-1032

CVE.ORG link : CVE-2023-1032

JSON object : View

Products Affected

linux

linux_kernel

canonical

ubuntu_linux

CWE

CWE-415

Double Free

4.7 /10