CVE-2023-52654
Published: May 9, 2024
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix would be to completely disallow sending io_uring files via sockets via SCM_RIGHT, so there are no possible cycles invloving registered files and thus rendering SCM accounting on the io_uring side unnecessary.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 04df9719df1865f6770af9bc7880874af0e594b2 - < 18824f592aad4124d79751bbc1500ea86ac3ff29affected c378c479c5175833bb22ff71974cda47d7b05401 - < 3fe1ea5f921bf5b71cbfdc4469fb96c05936610eaffected 813d8fe5d30388f73a21d3a2bf46b0a1fd72498c - < bcedd497b3b4a0be56f3adf7c7542720eced0792affected 0091bfc81741b8d3aeb3b7ab8636f911b2de6e80 - < f2f57f51b53be153a522300454ddb3887722fb2caffected 0091bfc81741b8d3aeb3b7ab8636f911b2de6e80 - < 5a33d385eb36991a91e3dddb189d8679e2aac2be+8 more versions |
Linux | Linux | affected 6.1unaffected 0 - < 6.1unaffected 5.4.264 - <= 5.4.*unaffected 5.10.204 - <= 5.10.*unaffected 5.15.143 - <= 5.15.*+3 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now