CVE-2023-6560 — Use of Out-of-range Pointer Offset in Linux

CWE-823 — Use of Out-of-range Pointer Offset CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

5.5MEDIUMNVD

OSV5.9

EPSS

0.0%

top 98.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Openbsd Openssh Debian Linux +1 more

Timeline

PublishedDec 9

Latest updateJan 11

Description

An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶Debianlinux/linux_kernel< 6.6.8-1+1

▶NVDlinux/linux_kernel6.6+1

▶debiandebian/linux< linux 6.6.8-1 (forky)

▶msrcmsrc/cbl2_kernel_5.15.153.1-1_on_cbl_mariner_2.0

▶Ubuntuopenbsd/openssh< 1:7.2p2-4ubuntu2.10+esm5+1

Patches

Patch: patchwork.kernel.org ↗Patch: patchwork.kernel.org ↗

🔴Vulnerability Details

OSV

openssh vulnerabilities↗2024-01-11

▶

GHSA

GHSA-q2h3-9c64-6vmc: An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel↗2023-12-09

▶

OSV

CVE-2023-6560: An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel↗2023-12-09

▶

📋Vendor Advisories

Microsoft

Kernel: io_uring out of boundary memory access in __io_uaddr_map()↗2023-12-12

▶

Red Hat

kernel: io_uring out of boundary memory access in __io_uaddr_map()↗2023-11-30

▶

Debian

CVE-2023-6560: linux - An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functi...↗2023

▶

💬Community

Bugzilla

CVE-2023-6560 kernel: io_uring out of boundary memory access in __io_uaddr_map()↗2023-12-06

▶