A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability. We recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Google

Published: 2023-05-01T12:50:47.742Z

Updated: 2024-08-02T06:19:13.600Z

Reserved: 2023-04-21T17:43:28.315Z

Link: CVE-2023-2236

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2023-05-01T13:15:44.850

Modified: 2023-08-11T19:51:06.083

Link: CVE-2023-2236

cve-icon Redhat

Severity : Important

Publid Date: 2022-11-23T06:30:00Z

Links: CVE-2023-2236 - Bugzilla