Out-of-bounds Access Vulnerability in Linux Kernel Could Lead to Privilege Escalation
CVE-2023-2598

7.8 HIGH

Key Information:

Vendor
Linux
Status
Kernel
Vendor
CVE Published: 1 June 2023

Badges

👾 Exploit Exists · 🟡 Public PoC · 📰 News Worthy

Summary

CVE-2023-2598 affects the Linux kernel and allows out-of-bounds access to physical memory beyond the end of a buffer, which can lead to full local privilege escalation and makes it a significant security risk. The flaw lies in the handling of fixed-buffer registration via the IORING_REGISTER_BUFFERS opcode in the io_uring driver. By exploiting it, an attacker can gain code execution and defeat kernel ASLR, and exploitation is reported to be both straightforward and reliable. It is not stated whether ransomware groups have exploited this vulnerability, but active interest in it, and potential use of it, by threat actors is indicated. The vulnerability should therefore be addressed promptly to mitigate the risk.

Affected Version(s)

Kernel prior to 6.4-rc1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

Ksplice Known Exploit Detection for io_uring, glibc, overlayfs and netfilter

Latest edition in this blog series describing recent Ksplice Known Exploit Detection implementations.

7 months ago

Conquering the memory through io_uring - Analysis of CVE-2023-2598

A very powerful bug in the `io_uring` driver of the Linux kernel. In this case, the vulnerability is in the handling of registering fixed buffers via the `IORING_REGISTER_BUFFERS` opcode, which allows an application to 'pin' and register memory for long-term use, which includes making it exempt fro...

7 months ago

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by dayzerosec
  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability reserved

Collectors

NVD Database · Mitre Database · 1 Proof of Concept(s) · 2 News Article(s)