CVE-2023-21400
Advisory lineage Upstream: 0 Downstream: 26
Modified
Published: 12 Jul 2023, 23:53
Last modified: 13 Feb 2025, 16:40
Vulnerability Summary
- Overall Risk (default): medium, 37/100
- CVSS Score: 6.7 MEDIUM, v3.1 (nvd)
- EPSS Score: 0.04% LOW
- KEV: Not listed
- Ransomware: No reports
- Public exploits: 1 found
- Dark Web: Not detected
Timeline
- 12 Jul 2023, 23:53: Published. Vulnerability first disclosed.
- 13 Feb 2025, 16:40: Last Modified. Vulnerability information updated.
Description
In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.
CVSS Metrics
- v3.1 • MEDIUM • Score: 6.7 • CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Trends
Current EPSS score: 0.04% • Percentile: 12%
Techniques & Countermeasures
- CWE-667 • Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Affected Systems
- debian • debian_linux: 10.0 | 11.0
- google • android: Android kernel | na
References (9)
- https://source.android.com/security/bulletin/pixel/2023-07-01
- http://www.openwall.com/lists/oss-security/2023/07/14/2
- http://www.openwall.com/lists/oss-security/2023/07/19/2
- http://www.openwall.com/lists/oss-security/2023/07/19/7
- http://www.openwall.com/lists/oss-security/2023/07/25/7
- https://www.debian.org/security/2023/dsa-5480
- http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
- https://security.netapp.com/advisory/ntap-20240119-0012/