CVE-2023-0468Use After Free in Kernel

CWE-416Use After Free25 documents8 sources
Severity
4.7MEDIUMNVD
OSV7.8OSV7.0OSV5.5
EPSS
0.0%
top 96.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux KernelDebian LinuxMsrc Cbl2 Kernel 5.15.92.1-1 ON CBL Mariner 2.0+3 more
Timeline
PublishedJan 26
Latest updateAug 19

Description

A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages9 packages

NVDlinux/linux_kernel< 6.1+1
Debianlinux/linux_kernel< 6.0.12-1+2
Ubuntulinux/linux_kernel< 5.15.0-67.74+3
CVEListV5linux/linux_kernelLinux Kernel prior to Kernel 6.1 RC7
debiandebian/linux< linux 6.0.12-1 (bookworm)

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

11
OSV
linux-oem-5.17 vulnerabilities2023-05-10
OSV
linux-oem-6.0 vulnerabilities2023-05-10
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi vulnerabilities2023-04-19
OSV
Kernel Live Patch Security Notice2023-04-18
OSV
linux-intel-iotg vulnerabilities2023-03-16

📋Vendor Advisories

12
Ubuntu
Linux kernel (OEM) vulnerabilities2023-05-10
Ubuntu
Linux kernel (OEM) vulnerabilities2023-05-10
Ubuntu
Linux kernel vulnerabilities2023-04-19
Ubuntu
Kernel Live Patch Security Notice2023-04-18
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2023-03-16

📄Research Papers

1
arXiv
Top of the Heap: Efficient Memory Error Protection of Safe Heap Objects2024-08-19