CVE-2023-2598Use After Free in Kernel

CWE-416Use After FreeCWE-787Out-of-bounds WriteCWE-366Race Condition within a Thread8 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.7%
top 27.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux KernelNetapp HCI Baseboard Management Controller
Timeline
PublishedJun 1
Latest updateJun 13

Description

A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDlinux/linux_kernel6.36.3.2
CVEListV5linux/linux_kernelKernel prior to 6.4-rc1

🔴Vulnerability Details

3
CVEList
CVE-2023-2598: A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc2023-06-01
GHSA
GHSA-mmvq-3rp7-6cw4: A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc2023-06-01
OSV
CVE-2023-2598: A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc2023-06-01

📋Vendor Advisories

3
Microsoft
A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end o2023-06-13
Red Hat
kernel: io_uring out-of-bounds access to physical memory2023-05-03
Debian
CVE-2023-2598: linux - A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buff...2023
CVE-2023-2598 — Use After Free in Linux Kernel | cvebase