6 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-23586
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to a vulnerability in the iouring subsystem, it is possible to leak kernel memory information to the user process. timensinstall calls currentissinglethread...
Debian: Security Advisory (DLA-3349-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3349-1] linux-5.10 security update
Debian LTS Advisory DLA-3349-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings March 02, 2023 https://wiki.debian.org/LTS Package : linux-5.10 Version : 5.10.162-1deb10u1 CVE ID : CVE-2022-2873 CVE-2022-3545 CVE-2022-3623 CVE-2022-4696 CVE-2022-36280 CVE-2022-41218...
CVE-2023-23586
creationtimestamp| type| source ---|---|--- 2023-02-17 16:13:07+00:00| published-proof-of-concept| https://t.me/cibsecurity/58430 2024-12-10 23:00:00+00:00| seen| https://u1f383.github.io/linux/2024/12/11/linux-vdso-and-vvar.html 2024-12-20 18:02:36+00:00| published-proof-of-concept|...
CVE-2023-23586 Use after free in io_uring in the Linux Kernel
Due to a vulnerability in the iouring subsystem, it is possible to leak kernel memory information to the user process. timensinstall calls currentissinglethreaded to determine if the current process is single-threaded, but this call does not consider iouring's ioworker threads, thus it is possibl...
CVE-2023-23586
CVE-2023-23586 affects the Linux kernel io_uring subsystem. A time namespace vvar page can be leaked into a process via a page fault because timens_install’s single-thread check ignores io_uring io_worker threads; when the time namespace is destroyed, the vvar page may remain and a subsequent pag...