Name | CVE-2023-3389 |
Description | A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable). |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-3623-1, DSA-5480-1 |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
linux (PTS) | bullseye (security), bullseye | 5.10.223-1 | fixed |
| bookworm | 6.1.106-3 | fixed |
| bookworm (security) | 6.1.99-1 | fixed |
| trixie | 6.10.11-1 | fixed |
| sid | 6.10.12-1 | fixed |
The information below is based on the following data on fixed versions.
Notes
[buster] - linux <not-affected> (Vulnerable code not present)
https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8
https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663