Lucene search

K

[email protected]NVD:CVE-2023-2598

HistoryJun 01, 2023 - 1:15 a.m.

CVE-2023-2598

2023-06-0101:15:17

CWE-416

CWE-787

[email protected]

web.nvd.nist.gov

2

flaw

buffer registration code

io_uring

local privilege escalation

linux kernel

out-of-bounds access

physical memory

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.

Affected configurations

NVD

Node

linuxlinux_kernelRange6.3–6.3.2

Node

netapphci_baseboard_management_controllerMatchh300s

OR

netapphci_baseboard_management_controllerMatchh410c

OR

netapphci_baseboard_management_controllerMatchh410s

OR

netapphci_baseboard_management_controllerMatchh500s

OR

netapphci_baseboard_management_controllerMatchh700s

References

www.openwall.com/lists/oss-security/2024/04/24/3

security.netapp.com/advisory/ntap-20230703-0006/

www.openwall.com/lists/oss-security/2023/05/08/3

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for NVD:CVE-2023-2598

redhatcve1 cbl_mariner2 ubuntucve1 githubexploit1 nessus1 prion1 cnvd1 debiancve1 cve1 cvelist1