Vulnerability CVE-2023-6560


Published: 2023-12-09   Modified: 2023-12-14

Description:
An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system.

See advisories in our WLB2 database:
Risk: Med.
Topic: io_uring __io_uaddr_map() Dangerous Multi-Page Handling
Author: Jann Horn
Date: 10.01.2024

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

Affected software
Linux -> Linux kernel 

 References:
https://access.redhat.com/security/cve/CVE-2023-6560
https://bugzilla.redhat.com/show_bug.cgi?id=2253249
https://patchwork.kernel.org/project/io-uring/patch/20231130194633.649319-2-axboe@kernel.dk/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCQIPFUQXKXRCH5Y4RP3C5NK4IHNBNVK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AU4NHBDEDLRW33O76Y6LFECEYNQET5GZ/

Copyright 2024, cxsecurity.com

 
