CVE-2023-52654 — Linux vulnerability
9 documents, 8 sources
Severity
4.7 MEDIUM (NVD)
EPSS
0.1%
top 71.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 14
Latest update: Aug 14
Description
In the Linux kernel, the following vulnerability has been resolved:
io_uring/af_unix: disable sending io_uring over sockets
File reference cycles have caused lots of problems for io_uring
in the past, and it still doesn't work exactly right and races with
unix_stream_read_generic(). The safest fix would be to completely
disallow sending io_uring files via sockets via SCM_RIGHT, so there
are no possible cycles involving registered files and thus rendering
SCM accounting on the io_uring side unn…
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.0 | Impact: 3.6
Affected Packages: 8 packages
CVEListV5: linux/linux 04df9719df1865f6770af9bc7880874af0e594b2 — 18824f592aad4124d79751bbc1500ea86ac3ff29 +8
Patches
Vulnerability Details (2)
OSV
CVE-2023-52654: In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have… (2024-05-14)
GHSA
GHSA-p435-prrh-xm57: In the Linux kernel, the following vulnerability has been resolved:
io_uring/af_unix: disable sending io_uring over sockets
File reference cycles ha… (2024-05-14)
Vendor Advisories (5)
Debian
CVE-2023-52654: linux - In the Linux kernel, the following vulnerability has been resolved: io_uring/af... (2023)