CVE-2023-6560

An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/176405/io_uring-__io_uaddr_map-Dangerous-Multi-Page-Handling.html
https://access.redhat.com/security/cve/CVE-2023-6560	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2253249	Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AU4NHBDEDLRW33O76Y6LFECEYNQET5GZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCQIPFUQXKXRCH5Y4RP3C5NK4IHNBNVK/
https://patchwork.kernel.org/project/io-uring/patch/20231130194633.649319-2-axboe@kernel.dk/	Mailing List Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc4::::::

History

14 Dec 2023, 03:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AU4NHBDEDLRW33O76Y6LFECEYNQET5GZ/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCQIPFUQXKXRCH5Y4RP3C5NK4IHNBNVK/ -

12 Dec 2023, 22:22

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.7:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.7:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.7:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.7:rc3::::::
CWE		CWE-119
References	~~() https://patchwork.kernel.org/project/io-uring/patch/20231130194633.649319-2-axboe@kernel.dk/ -~~	() https://patchwork.kernel.org/project/io-uring/patch/20231130194633.649319-2-axboe@kernel.dk/ - Mailing List, Patch
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2253249 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2253249 - Issue Tracking
References	~~() https://access.redhat.com/security/cve/CVE-2023-6560 -~~	() https://access.redhat.com/security/cve/CVE-2023-6560 - Third Party Advisory

09 Dec 2023, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-09 00:15

Updated : 2024-02-05 00:22

NVD link : CVE-2023-6560

Mitre link : CVE-2023-6560

CVE.ORG link : CVE-2023-6560

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-823

Use of Out-of-range Pointer Offset

5.5 /10