Vulnerability Details : CVE-2023-21400
In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.
Published: 2023-07-13 00:15:24
Updated: 2024-01-19 16:15:09
Vulnerability category: Memory Corruption
Products affected by CVE-2023-21400
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-21400
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~ 6 % (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-21400
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 | NIST | |
CWE ids for CVE-2023-21400
- The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-21400
- http://www.openwall.com/lists/oss-security/2023/07/25/7
  oss-security - Re: Our learnings from 42 Linux kernel exploits, we are limiting io_uring (Mailing List)
- http://www.openwall.com/lists/oss-security/2023/07/14/2
  oss-security - Re: Our learnings from 42 Linux kernel exploits, we are limiting io_uring (Mailing List; Third Party Advisory)
- https://www.debian.org/security/2023/dsa-5480
  Debian -- Security Information -- DSA-5480-1 linux (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2023/07/19/2
  oss-security - Re: Our learnings from 42 Linux kernel exploits, we are limiting io_uring (Exploit; Mailing List; Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20240119-0012/
  CVE-2023-21400 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security
- http://www.openwall.com/lists/oss-security/2023/07/19/7
  oss-security - Re: Our learnings from 42 Linux kernel exploits, we are limiting io_uring (Mailing List; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
  [SECURITY] [DLA 3623-1] linux-5.10 security update (Mailing List; Third Party Advisory)
- https://source.android.com/security/bulletin/pixel/2023-07-01
  Pixel Update Bulletin—July 2023 | Android Open Source Project (Vendor Advisory)
- http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html
  Kernel Live Patch Security Notice LSN-0098-1 ≈ Packet Storm (Third Party Advisory; VDB Entry)