Lucene search

Redhat.comRH:CVE-2023-21400

HistoryJul 19, 2023 - 4:06 p.m.

CVE-2023-21400

2023-07-1916:06:51

redhat.com

access.redhat.com

cve-2023-21400

double-free vulnerability

linux kernel

io_uring subsystem

local user

crash

elevate privileges

security issue

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

A double-free vulnerability was found in the io_uring subsystem in the Linux kernel. This issue may allow a malicious local user to crash the kernel or elevate their privileges on the system.

References

bugzilla.redhat.com/show_bug.cgi?id=2222087

nvd.nist.gov/vuln/detail/CVE-2023-21400

www.cve.org/CVERecord?id=CVE-2023-21400

www.openwall.com/lists/oss-security/2023/07/14/2

yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for RH:CVE-2023-21400