QwikSec

Security Database

CVE

CWE

Training

CVE-2023-2598

Published: Jun 1, 2023

Modified: Apr 23, 2025

PUBLISHED

Description

A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.

Vendor	Product	Versions
n/a	Kernel	affected `Kernel prior to 6.4-rc1`

Weaknesses (CWE)

References

https://www.openwall.com/lists/oss-security/2023/05/08/3

https://security.netapp.com/advisory/ntap-20230703-0006/

[oss-security] 20240424 CVE-2024-0582 - Linux kernel use-after-free vulnerability in io_uring, writeup and exploit strategy

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.