CVE-2023-21400 — Improper Locking in Linux

CWE-667 — Improper Locking CWE-416 — Use After Free32 documents7 sources

Severity

6.7MEDIUMNVD

OSV7.8OSV6.5OSV5.5

EPSS

0.0%

top 89.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Google Android +1 more

Timeline

PublishedJul 13

Latest updateApr 3

Description

In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages4 packages

▶Debianlinux/linux_kernel< 5.10.191-1+3

▶Ubuntulinux/linux_kernel< 5.4.0-205.225+5

▶debiandebian/linux< linux 5.18.2-1 (bookworm)

▶CVEListV5google/androidAndroid kernel

Also affects: Debian Linux 10.0, 11.0

🔴Vulnerability Details

OSV

linux-iot vulnerabilities↗2025-04-03

▶

OSV

linux-xilinx-zynqmp vulnerabilities↗2025-02-26

▶

OSV

linux-aws-5.4 linux-raspi-5.4 vulnerabilities↗2025-02-25

▶

OSV

linux-aws vulnerabilities↗2025-02-12

▶

OSV

linux-azure, linux-azure-5.4 vulnerabilities↗2025-02-04

▶

📋Vendor Advisories

Ubuntu

Linux kernel (IoT) vulnerabilities↗2025-04-03

▶

Ubuntu

Linux kernel vulnerabilities↗2025-02-26

▶

Ubuntu

Linux kernel vulnerabilities↗2025-02-25

▶

Ubuntu

Linux kernel (AWS) vulnerabilities↗2025-02-12

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2025-02-04

▶

💬Community

Bugzilla

CVE-2023-21400 kernel: io_uring: io_defer_entry object double free vulnerability↗2023-07-11

▶