Main Vulnerability Database SB2023062964

SB2023062964 - Improper locking in Linux kernel io_uring

Published: June 29, 2023

Security Bulletin ID SB2023062964

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2023-2430)

The vulnerability allows a local user to perform a denial of service attack (DoS).

The vulnerability exists due to improper locking within the io_uring subsystem in Linux kernel when IOPOLL mode is being used. A local user can crash the kernel.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e12d7a46f65ae4b7d58a5e0c1cbfa825cf8d830d
https://groups.google.com/g/syzkaller/c/T04q4HMUCdA/m/qVaOqv2RAAAJ?pli=1
https://lore.kernel.org/io-uring/Y8krlYa52%2F0YGqkg@ip-172-31-85-199.ec2.internal/