Use-after-free in Linux kernel io_uring

1) Use-after-free

EUVDB-ID: #VU104163

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52926

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the io_rw_init_file() function in io_uring/rw.c. A local user can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.1 - 6.7 rc7

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:6.1:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.1:rc1:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.1:rc3:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.1:rc7:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.1.1:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.1.2:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.1.3:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.1.4:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.1.5:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.1.6:*:*:*:*:*:*:*

External links

https://git.kernel.org/stable/c/6c27fc6a783c8a77c756dd5461b15e465020d075
https://git.kernel.org/stable/c/72060434a14caea20925e492310d6e680e3f9007
https://git.kernel.org/stable/c/a08d195b586a217d76b42062f88f375a3eedda4d
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.122
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.68
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.