Lucene search

K

[email protected]NVD:CVE-2023-21400

HistoryJul 13, 2023 - 12:15 a.m.

CVE-2023-21400

2023-07-1300:15:24

CWE-667

[email protected]

web.nvd.nist.gov

kernel

memory corruption

io_uring

improper locking

local privilege escalation

system execution

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.

Affected configurations

NVD

Node

googleandroidMatch-

Node

debiandebian_linuxMatch10.0

OR

debiandebian_linuxMatch11.0

References

packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html

www.openwall.com/lists/oss-security/2023/07/14/2

www.openwall.com/lists/oss-security/2023/07/19/2

www.openwall.com/lists/oss-security/2023/07/19/7

www.openwall.com/lists/oss-security/2023/07/25/7

lists.debian.org/debian-lts-announce/2023/10/msg00027.html

security.netapp.com/advisory/ntap-20240119-0012/

source.android.com/security/bulletin/pixel/2023-07-01

www.debian.org/security/2023/dsa-5480

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

Related for NVD:CVE-2023-21400

cnvd1 debiancve1 cve1 cvelist1 redhatcve1 ubuntucve1 prion1 ubuntu6 osv7 openvas20 nessus21 debian2