In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html | Third Party Advisory VDB Entry |
http://www.openwall.com/lists/oss-security/2023/07/14/2 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2023/07/19/2 | Exploit Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2023/07/19/7 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2023/07/25/7 | Mailing List |
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20240119-0012/ | |
https://source.android.com/security/bulletin/pixel/2023-07-01 | Vendor Advisory |
https://www.debian.org/security/2023/dsa-5480 | Third Party Advisory |
Configurations
History
19 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
References |
|
|
References | (MISC) https://www.debian.org/security/2023/dsa-5480 - Third Party Advisory | |
References | (MISC) http://www.openwall.com/lists/oss-security/2023/07/25/7 - Mailing List |
19 Aug 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jul 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jul 2023, 17:44
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://www.openwall.com/lists/oss-security/2023/07/19/2 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) https://source.android.com/security/bulletin/pixel/2023-07-01 - Vendor Advisory | |
References | (MISC) http://www.openwall.com/lists/oss-security/2023/07/19/7 - Mailing List, Third Party Advisory | |
References | (MISC) http://www.openwall.com/lists/oss-security/2023/07/14/2 - Mailing List, Third Party Advisory | |
CWE | CWE-667 | |
CPE | cpe:2.3:o:google:android:-:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
19 Jul 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Jul 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jul 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Jul 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-13 00:15
Updated : 2024-02-05 00:01
NVD link : CVE-2023-21400
Mitre link : CVE-2023-21400
CVE.ORG link : CVE-2023-21400
JSON object : View
Products Affected
debian
- debian_linux
- android
CWE
CWE-667
Improper Locking