In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html | Third Party Advisory VDB Entry |
http://www.openwall.com/lists/oss-security/2023/07/14/2 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2023/07/19/2 | Exploit Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2023/07/19/7 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2023/07/25/7 | Mailing List |
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20240119-0012/ | |
https://source.android.com/security/bulletin/pixel/2023-07-01 | Vendor Advisory |
https://www.debian.org/security/2023/dsa-5480 | Third Party Advisory |
Configurations
History
19 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Oct 2023, 18:20
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
First Time |
Debian debian Linux
Debian |
|
References | (MISC) https://www.debian.org/security/2023/dsa-5480 - Third Party Advisory | |
References | (MISC) https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html - Third Party Advisory, VDB Entry | |
References | (MISC) http://www.openwall.com/lists/oss-security/2023/07/25/7 - Mailing List |
20 Oct 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Oct 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Aug 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jul 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jul 2023, 17:44
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-667 | |
References | (MISC) http://www.openwall.com/lists/oss-security/2023/07/19/2 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) http://www.openwall.com/lists/oss-security/2023/07/19/7 - Mailing List, Third Party Advisory | |
References | (MISC) http://www.openwall.com/lists/oss-security/2023/07/14/2 - Mailing List, Third Party Advisory | |
References | (MISC) https://source.android.com/security/bulletin/pixel/2023-07-01 - Vendor Advisory | |
First Time |
Google
Google android |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
CPE | cpe:2.3:o:google:android:-:*:*:*:*:*:*:* |
19 Jul 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Jul 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jul 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Jul 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-13 00:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-21400
Mitre link : CVE-2023-21400
CVE.ORG link : CVE-2023-21400
JSON object : View
Products Affected
- android
debian
- debian_linux
CWE
CWE-667
Improper Locking