CVE-2023-1032

MEDIUM4.7

The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket

Published Jan 8, 2024

Modified 1 years ago

No fix available

Details

The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.

References

WEBhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032 ADVISORYhttps://ubuntu.com/security/notices/USN-5977-1 ADVISORYhttps://ubuntu.com/security/notices/USN-6024-1 ADVISORYhttps://ubuntu.com/security/notices/USN-6033-1 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2023-1032 WEBhttps://www.openwall.com/lists/oss-security/2023/03/13/2

CVSS Analysis

CVSS v3.1

4.7

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

HighAC:H

Privileges Required

HighPR:H

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

LowI:L

Availability

HighA:H

4.7/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

Weakness Type (CWE)

Other

CWE-415

Ecosystems

Timeline

PublishedJan 8, 2024

ModifiedAug 27, 2024