CVE-2023-2430

Опубликовано: 19 янв. 2023

Источник: redhat

CVSS3: 6.6

EPSS Низкий

Описание

A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a Denial of Service threat.

A vulnerability was found due to a missing lock for the IOPOLL in io_cqring_event_overflow() in io_uring.c in the Linux kernel. This flaw allows a local attacker with user privileges to trigger a denial of service.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Not affected
Red Hat Enterprise Linux 9	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-667

https://bugzilla.redhat.com/show_bug.cgi?id=2192175kernel: missing lock in io_uring/msg_ring.c for IOPOLL in io_uring cause denial of service

EPSS

Процентиль: 2%

0.00012

Низкий

6.6 Medium

CVSS3

Связанные уязвимости

CVE-2023-2430

CVSS3: 5.5

ubuntu

больше 2 лет назад

CVE-2023-2430

CVSS3: 5.5

nvd

больше 2 лет назад

CVE-2023-2430

CVSS3: 5.5

msrc

больше 2 лет назад

CVE-2023-2430

CVSS3: 5.5

debian

больше 2 лет назад

A vulnerability was found due to missing lock for IOPOLL flaw in io_cq ...

GHSA-3xvm-4g57-gvj6

CVSS3: 5.5

github

больше 2 лет назад

EPSS

Процентиль: 2%

0.00012

Низкий

6.6 Medium

CVSS3