CVE-2023-2430Improper Resource Locking in Kernel

CWE-413Improper Resource LockingCWE-667Improper Locking12 documents7 sources
Severity
5.5MEDIUMNVD
OSV7.8
EPSS
0.0%
top 98.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelDebian LinuxMsrc Cbl2 Kernel 5.15.137.1-1 ON CBL Mariner 2.0
Timeline
PublishedJul 23

Description

A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a Denial of Service threat.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel< 6.2+1
Debianlinux/linux_kernel< 6.1.52-1+2
CVEListV5linux/linux_kernelKernel Linux prior to Kernel 6.2 RC5
debiandebian/linux< linux 6.1.52-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

5
OSV
CVE-2023-2430: A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring2023-07-23
GHSA
GHSA-3xvm-4g57-gvj6: A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring2023-07-23
OSV
linux-oem-6.0 vulnerabilities2023-07-18
OSV
linux, linux-allwinner, linux-allwinner-5.19, linux-aws, linux-aws-5.19, linux-azure, linux-gcp, linux-gcp-5.19, linux-hwe-5.19, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, linu2023-06-29
OSV
linux-oem-6.1 vulnerabilities2023-06-29

📋Vendor Advisories

6
Ubuntu
Linux kernel (OEM) vulnerabilities2023-07-18
Microsoft
A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a Denial of 2023-07-11
Ubuntu
Linux kernel (OEM) vulnerabilities2023-06-29
Ubuntu
Linux kernel vulnerabilities2023-06-29
Red Hat
kernel: missing lock in io_uring/msg_ring.c for IOPOLL in io_uring cause denial of service2023-01-19