CVE-2023-6560

An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/176405/io_uring-__io_uaddr_map-Dangerous-Multi-Page-Handling.html
https://access.redhat.com/security/cve/CVE-2023-6560	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2253249	Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AU4NHBDEDLRW33O76Y6LFECEYNQET5GZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCQIPFUQXKXRCH5Y4RP3C5NK4IHNBNVK/
https://patchwork.kernel.org/project/io-uring/patch/20231130194633.649319-2-axboe@kernel.dk/	Mailing List Patch
http://packetstormsecurity.com/files/176405/io_uring-__io_uaddr_map-Dangerous-Multi-Page-Handling.html
https://access.redhat.com/security/cve/CVE-2023-6560	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2253249	Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AU4NHBDEDLRW33O76Y6LFECEYNQET5GZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCQIPFUQXKXRCH5Y4RP3C5NK4IHNBNVK/
https://patchwork.kernel.org/project/io-uring/patch/20231130194633.649319-2-axboe@kernel.dk/	Mailing List Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc4::::::

History

21 Nov 2024, 08:44

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.com/files/176405/io_uring-__io_uaddr_map-Dangerous-Multi-Page-Handling.html -~~	() http://packetstormsecurity.com/files/176405/io_uring-__io_uaddr_map-Dangerous-Multi-Page-Handling.html -
References	~~() https://access.redhat.com/security/cve/CVE-2023-6560 - Third Party Advisory~~	() https://access.redhat.com/security/cve/CVE-2023-6560 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2253249 - Issue Tracking~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2253249 - Issue Tracking
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AU4NHBDEDLRW33O76Y6LFECEYNQET5GZ/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AU4NHBDEDLRW33O76Y6LFECEYNQET5GZ/ -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCQIPFUQXKXRCH5Y4RP3C5NK4IHNBNVK/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCQIPFUQXKXRCH5Y4RP3C5NK4IHNBNVK/ -
References	~~() https://patchwork.kernel.org/project/io-uring/patch/20231130194633.649319-2-axboe@kernel.dk/ - Mailing List, Patch~~	() https://patchwork.kernel.org/project/io-uring/patch/20231130194633.649319-2-axboe@kernel.dk/ - Mailing List, Patch

08 Jan 2024, 16:15

Type	Values Removed	Values Added
References		() http://packetstormsecurity.com/files/176405/io_uring-__io_uaddr_map-Dangerous-Multi-Page-Handling.html -

14 Dec 2023, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-09 00:15

Updated : 2024-11-21 08:44

NVD link : CVE-2023-6560

Mitre link : CVE-2023-6560

CVE.ORG link : CVE-2023-6560

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-823

Use of Out-of-range Pointer Offset

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

5.5 /10