CVE-2023-1032

Advisory lineage Upstream: 0 Downstream: 5

Downstream

DEBIAN-CVE-2023-1032 UBUNTU-CVE-2023-1032 USN-5977-1 USN-6024-1 USN-6033-1

Modified

Published: 08 Jan 2024, 18:11

Last modified:27 Aug 2024, 15:48

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.07% LOW

0% probability +0.05%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

08 Jan 2024, 18:11

Published

Vulnerability first disclosed

27 Aug 2024, 15:48

Last Modified

Vulnerability information updated

Description

The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.

CVSS Metrics

v3.1•MEDIUM•Score: 4.7CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.07%• Percentile: 20%

Techniques & Countermeasures

CWE-415•Double Free
The product calls free() twice on the same memory address.

Affected Systems

canonical•ubuntu_linux
22.04 | 22.10
linux•linux_kernel
≥ 5.19, < 6.3 | 6.3:rc1
the linux kernel organization•linux
< 6.3~rc2