Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-1295

Опубликовано: 01 фев. 2021
Источник: redhat
CVSS3: 7.8

Описание

A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93.

A time-of-check to time-of-use flaw was found in the io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel. This flaw allows a local user to elevate their privileges to root.

Отчет

No Red Hat products are affected by this flaw, as the io_uring subsystem (CONFIG_IO_URING) is not enabled in any shipping kernel release.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelNot affected
Red Hat Enterprise Linux 9kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-367
https://bugzilla.redhat.com/show_bug.cgi?id=2218350kernel: io_uring: TOCTOU vulnerability in IORING_OP_CLOSE operation

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-1295

CVSS3: 7.8
ubuntu
больше 2 лет назад

A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93.

nvd логотип

CVE-2023-1295

CVSS3: 7.8
nvd
больше 2 лет назад

A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93.

msrc логотип

CVE-2023-1295

CVSS3: 7
msrc
больше 2 лет назад

Privilege escalation with IO_RING_OP_CLOSE in the Linux Kernel

debian логотип

CVE-2023-1295

CVSS3: 7.8
debian
больше 2 лет назад

A time-of-check to time-of-use issue exists in io_uring subsystem's IO ...

github логотип

GHSA-3gcx-wjr4-jv32

CVSS3: 7.8
github
больше 2 лет назад

A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93.

7.8 High

CVSS3