CVE-2023-1583

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-1583
A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=02a4d923e4400a36d340ea12d8058f69ebf3a383 Mailing List Patch
https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git/commit/?h=io_uring-6.3&id=761efd55a0227aca3a69deacdaa112fffd44fe37 Mailing List Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

02 Aug 2023, 17:08

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:5.19:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc8:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc8:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.3:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.3:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc6:*:*:*:*:*:*		 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
References (MISC) https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=02a4d923e4400a36d340ea12d8058f69ebf3a383 - (MISC) https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=02a4d923e4400a36d340ea12d8058f69ebf3a383 - Mailing List, Patch

23 Jul 2023, 02:15

Type Values Removed Values Added
References
  • (MISC) https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=02a4d923e4400a36d340ea12d8058f69ebf3a383 -
Information

Published : 2023-03-24 22:15

Updated : 2024-02-28 20:13

NVD link : CVE-2023-1583

Mitre link : CVE-2023-1583

CVE.ORG link : CVE-2023-1583

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-476

NULL Pointer Dereference