CVSS3: 6.7 Medium

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.0004 Low (Percentile: 5.1%)

In multiple functions of io_uring.c, there is a possible kernel memory
corruption due to improper locking. This could lead to local escalation of
privilege in the kernel with System execution privileges needed. User
interaction is not needed for exploitation.
Author | Note |
---|---|
Priority reason: Unprivileged users may use io_uring to potentially escalate privilege. |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-82.91 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1043.48 | UNKNOWN |
ubuntu | 23.10 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | < any | UNKNOWN |
launchpad.net/bugs/cve/CVE-2023-21400
nvd.nist.gov/vuln/detail/CVE-2023-21400
security-tracker.debian.org/tracker/CVE-2023-21400
source.android.com/security/bulletin/pixel/2023-07-01
twitter.com/VAR10CK/status/1683303642173153280
ubuntu.com/security/notices/USN-6315-1
ubuntu.com/security/notices/USN-6325-1
ubuntu.com/security/notices/USN-6330-1
ubuntu.com/security/notices/USN-6332-1
ubuntu.com/security/notices/USN-6348-1
www.cve.org/CVERecord?id=CVE-2023-21400
www.openwall.com/lists/oss-security/2023/07/14/2
www.openwall.com/lists/oss-security/2023/07/25/9
yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html