Linux Kernel io_uring IORING_OP_SOCKET Operation Vulnerability in Socket Implementation
CVE-2023-1032

4.7MEDIUM

Key Information:

Vendor

The Linux Kernel Organization

Status
Linux
Vendor
CVE Published:
8 January 2024

What is CVE-2023-1032?

The Linux kernel's io_uring IORING_OP_SOCKET operation is affected by a vulnerability that occurs due to a double free condition in the function __sys_socket_file(). This issue, which originated in the source code revision da214a475f8bd1d3e9e7a19ddfeb4d1617551bab, can potentially lead to unexpected behavior in memory management. The vulnerability has been addressed and fixed in later revisions, specifically 649c15c7691e9b13cbe9bf6c65c365350e056067, improving the overall security of the Linux Kernel.

Affected Version(s)

linux Linux 0 < 6.3~rc2

References

https://www.openwall.com/lists/oss-security/2023/03/13/2
issue-tracking
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032
issue-tracking
https://ubuntu.com/security/notices/USN-6033-1
third-party-advisory

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Credit

Thadeu Cascardo
.