Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-52654

Опубликовано: 14 мая 2024
Источник: nvd
CVSS3: 4.7
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

io_uring/af_unix: disable sending io_uring over sockets

File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix would be to completely disallow sending io_uring files via sockets via SCM_RIGHT, so there are no possible cycles invloving registered files and thus rendering SCM accounting on the io_uring side unnecessary.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.4.220 (включая) до 5.4.264 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.10.150 (включая) до 5.10.204 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.15.75 (включая) до 5.15.143 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.19.17 (включая) до 5.20 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.0.3 (включая) до 6.1.68 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.2 (включая) до 6.6.7 (исключая)
cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*

EPSS

Процентиль: 29%
0.00106
Низкий

4.7 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2023-52654

CVSS3: 4.7
ubuntu
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix would be to completely disallow sending io_uring files via sockets via SCM_RIGHT, so there are no possible cycles invloving registered files and thus rendering SCM accounting on the io_uring side unnecessary.

redhat логотип

CVE-2023-52654

CVSS3: 5.5
redhat
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix would be to completely disallow sending io_uring files via sockets via SCM_RIGHT, so there are no possible cycles invloving registered files and thus rendering SCM accounting on the io_uring side unnecessary.

msrc логотип

CVE-2023-52654

msrc
около 1 года назад

Описание отсутствует

debian логотип

CVE-2023-52654

CVSS3: 4.7
debian
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: i ...

github логотип

GHSA-p435-prrh-xm57

CVSS3: 4.7
github
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix would be to completely disallow sending io_uring files via sockets via SCM_RIGHT, so there are no possible cycles invloving registered files and thus rendering SCM accounting on the io_uring side unnecessary.

EPSS

Процентиль: 29%
0.00106
Низкий

4.7 Medium

CVSS3

Дефекты

NVD-CWE-noinfo