[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248678

 
 

909

 
 

195426

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2023-21400Date: (C)2023-07-14   (M)2024-04-30


In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 6.7CVSS Score :
Exploit Score: 0.8Exploit Score:
Impact Score: 5.9Impact Score:
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector:
Attack Complexity: LOWAccess Complexity:
Privileges Required: HIGHAuthentication:
User Interaction: NONEConfidentiality:
Scope: UNCHANGEDIntegrity:
Confidentiality: HIGHAvailability:
Integrity: HIGH 
Availability: HIGH 
  
Reference:
http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html
http://www.openwall.com/lists/oss-security/2023/07/14/2
http://www.openwall.com/lists/oss-security/2023/07/19/2
http://www.openwall.com/lists/oss-security/2023/07/19/7
http://www.openwall.com/lists/oss-security/2023/07/25/7
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
https://security.netapp.com/advisory/ntap-20240119-0012/
https://source.android.com/security/bulletin/pixel/2023-07-01
https://www.debian.org/security/2023/dsa-5480

CWE    1
CWE-667
OVAL    21
oval:org.secpod.oval:def:3301831
oval:org.secpod.oval:def:708400
oval:org.secpod.oval:def:708411
oval:org.secpod.oval:def:96368
...

© SecPod Technologies