CVE-2023-1032 : The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in

The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.

Published 2024-01-08 19:15:09

Updated 2024-01-11 18:39:43

Source Canonical Ltd.

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2023-1032

Linux » Linux Kernel
Versions from including (>=) 5.19 and before (<) 6.3
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.3 Update RC1
cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 22.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 22.10
cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-1032

EPSS FAQ

0.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 1 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-1032

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST	2024-01-11
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
4.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H	0.5	4.2	Canonical Ltd.	2024-01-08
Attack Vector: Local Attack Complexity: High Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: High

CWE ids for CVE-2023-1032

CWE-415 Double Free

The product calls free() twice on the same memory address.
Assigned by:
- nvd@nist.gov (Primary)
- security@ubuntu.com (Secondary)

References for CVE-2023-1032

https://ubuntu.com/security/notices/USN-6024-1

USN-6024-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/03/13/2

oss-security - CVE-2023-1032 - Linux kernel io_uring IORING_OP_SOCKET double free
Mailing List;Third Party Advisory
https://ubuntu.com/security/notices/USN-5977-1

USN-5977-1: Linux kernel (OEM) vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032

CVE - CVE-2023-1032
Third Party Advisory
https://ubuntu.com/security/notices/USN-6033-1

USN-6033-1: Linux kernel (OEM) vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

Jump to

Vulnerability Details : CVE-2023-1032

Products affected by CVE-2023-1032

Exploit prediction scoring system (EPSS) score for CVE-2023-1032

CVSS scores for CVE-2023-1032

CWE ids for CVE-2023-1032

References for CVE-2023-1032