A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.
Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability.
We recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4.
References
Link | Resource |
---|---|
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d94c04c0db024922e886c9fd429659f22f48ea4 | Exploit Mailing List Patch |
https://kernel.dance/9d94c04c0db024922e886c9fd429659f22f48ea4 | Exploit Patch |
https://security.netapp.com/advisory/ntap-20230601-0010/ | Vendor Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d94c04c0db024922e886c9fd429659f22f48ea4 | Exploit Mailing List Patch |
https://kernel.dance/9d94c04c0db024922e886c9fd429659f22f48ea4 | Exploit Patch |
https://security.netapp.com/advisory/ntap-20230601-0010/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 07:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d94c04c0db024922e886c9fd429659f22f48ea4 - Exploit, Mailing List, Patch | |
References | () https://kernel.dance/9d94c04c0db024922e886c9fd429659f22f48ea4 - Exploit, Patch | |
References | () https://security.netapp.com/advisory/ntap-20230601-0010/ - Vendor Advisory |
11 Aug 2023, 19:51
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://security.netapp.com/advisory/ntap-20230601-0010/ - Vendor Advisory | |
First Time |
Netapp hci Baseboard Management Controller
Netapp |
|
CPE | cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:* |
cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:* |
01 Jun 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2023-05-01 13:15
Updated : 2024-11-21 07:58
NVD link : CVE-2023-2236
Mitre link : CVE-2023-2236
CVE.ORG link : CVE-2023-2236
JSON object : View
Products Affected
linux
- linux_kernel
netapp
- hci_baseboard_management_controller
CWE
CWE-416
Use After Free