CVE-2023-1032

The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032	Third Party Advisory
https://ubuntu.com/security/notices/USN-5977-1	Third Party Advisory
https://ubuntu.com/security/notices/USN-6024-1	Third Party Advisory
https://ubuntu.com/security/notices/USN-6033-1	Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/03/13/2	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc1::::::

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:22.10::::-:::

History

11 Jan 2024, 18:39

Type	Values Removed	Values Added
CPE		cpe:2.3:o:canonical:ubuntu_linux:22.10::::-::: cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts::: cpe:2.3:o:linux:linux_kernel:6.3:rc1:::::: cpe:2.3:o:linux:linux_kernel::::::::
First Time		Linux linux Kernel Canonical ubuntu Linux Canonical Linux
Summary		(es) La operación io_uring IORING_OP_SOCKET del kernel de Linux contenía una función de double free __sys_socket_file() en el archivo net/socket.c. Este problema se introdujo en da214a475f8bd1d3e9e7a19ddfeb4d1617551bab y se solucionó en 649c15c7691e9b13cbe9bf6c65c365350e056067.
CVSS	v2 : ~~unknown~~ v3 : ~~4.7~~	v2 : unknown v3 : 5.5
References	~~() https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032 -~~	() https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032 - Third Party Advisory
References	~~() https://ubuntu.com/security/notices/USN-5977-1 -~~	() https://ubuntu.com/security/notices/USN-5977-1 - Third Party Advisory
References	~~() https://ubuntu.com/security/notices/USN-6024-1 -~~	() https://ubuntu.com/security/notices/USN-6024-1 - Third Party Advisory
References	~~() https://ubuntu.com/security/notices/USN-6033-1 -~~	() https://ubuntu.com/security/notices/USN-6033-1 - Third Party Advisory
References	~~() https://www.openwall.com/lists/oss-security/2023/03/13/2 -~~	() https://www.openwall.com/lists/oss-security/2023/03/13/2 - Mailing List, Third Party Advisory

08 Jan 2024, 19:30

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-08 19:15

Updated : 2024-01-11 18:39

NVD link : CVE-2023-1032

Mitre link : CVE-2023-1032

CVE.ORG link : CVE-2023-1032

JSON object : View

Products Affected

canonical

ubuntu_linux

linux

linux_kernel

CWE

CWE-415

Double Free

5.5 /10