A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.
Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability.
We recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Google
Published: 2023-05-01T12:50:47.742Z
Updated: 2024-08-02T06:19:13.600Z
Reserved: 2023-04-21T17:43:28.315Z
Link: CVE-2023-2236
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-05-01T13:15:44.850
Modified: 2023-08-11T19:51:06.083
Link: CVE-2023-2236
Redhat