QwikSec

Security Database

CVE

CWE

Training

CVE-2023-1032

Published: Jan 8, 2024

Modified: Aug 27, 2024

PUBLISHED

CVSS v3.1

4.7

MEDIUM

Description

The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.

Vendor	Product	Versions
The Linux Kernel Organization	linux	affected `0 - < 6.3~rc2`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

References

https://www.openwall.com/lists/oss-security/2023/03/13/2

issue-tracking

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032

issue-tracking

https://ubuntu.com/security/notices/USN-6033-1

third-party-advisory

https://ubuntu.com/security/notices/USN-6024-1

third-party-advisory

https://ubuntu.com/security/notices/USN-5977-1

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.