CVE-2023-1583

Summary

CVE	CVE-2023-1583
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-03-24 22:15:00 UTC
Updated	2023-08-02 17:08:00 UTC
Description	A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash.

Risk And Classification

Problem Types: CWE-476

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	5.19	-	All	All
Operating System	Linux	Linux Kernel	5.19	rc1	All	All
Operating System	Linux	Linux Kernel	5.19	rc2	All	All
Operating System	Linux	Linux Kernel	5.19	rc3	All	All
Operating System	Linux	Linux Kernel	5.19	rc4	All	All
Operating System	Linux	Linux Kernel	5.19	rc5	All	All
Operating System	Linux	Linux Kernel	5.19	rc6	All	All
Operating System	Linux	Linux Kernel	5.19	rc7	All	All
Operating System	Linux	Linux Kernel	5.19	rc8	All	All
Operating System	Linux	Linux Kernel	6.0	-	All	All
Operating System	Linux	Linux Kernel	6.0	rc1	All	All
Operating System	Linux	Linux Kernel	6.0	rc2	All	All
Operating System	Linux	Linux Kernel	6.0	rc3	All	All
Operating System	Linux	Linux Kernel	6.0	rc4	All	All
Operating System	Linux	Linux Kernel	6.0	rc5	All	All
Operating System	Linux	Linux Kernel	6.0	rc6	All	All
Operating System	Linux	Linux Kernel	6.0	rc7	All	All
Operating System	Linux	Linux Kernel	6.1	-	All	All
Operating System	Linux	Linux Kernel	6.1	rc1	All	All
Operating System	Linux	Linux Kernel	6.1	rc2	All	All
Operating System	Linux	Linux Kernel	6.1	rc3	All	All
Operating System	Linux	Linux Kernel	6.1	rc4	All	All
Operating System	Linux	Linux Kernel	6.1	rc5	All	All
Operating System	Linux	Linux Kernel	6.1	rc6	All	All
Operating System	Linux	Linux Kernel	6.1	rc7	All	All
Operating System	Linux	Linux Kernel	6.1	rc8	All	All
Operating System	Linux	Linux Kernel	6.2	-	All	All
Operating System	Linux	Linux Kernel	6.2	rc1	All	All
Operating System	Linux	Linux Kernel	6.2	rc2	All	All
Operating System	Linux	Linux Kernel	6.2	rc3	All	All
Operating System	Linux	Linux Kernel	6.2	rc4	All	All
Operating System	Linux	Linux Kernel	6.2	rc5	All	All
Operating System	Linux	Linux Kernel	6.2	rc6	All	All
Operating System	Linux	Linux Kernel	6.2	rc7	All	All
Operating System	Linux	Linux Kernel	6.2	rc8	All	All
Operating System	Linux	Linux Kernel	6.3	rc1	All	All
Operating System	Linux	Linux Kernel	6.3	rc2	All	All
Operating System	Linux	Linux Kernel	6.3	rc3	All	All
Operating System	Linux	Linux Kernel	6.3	rc4	All	All

References

Reference	Source	Link	Tags
kernel/git/torvalds/linux.git - Linux kernel source tree	MISC	git.kernel.org
kernel/git/axboe/linux-block.git - Linux 4.x block layer trees	MISC	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

181960 Debian Security Update for linux (CVE-2023-1583)
199298 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6033-1)
199422 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6175-1)
199437 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6186-1)
355143 Amazon Linux Security Advisory for kernel : ALAS2023-2023-160
755851 SUSE Enterprise Linux Security Update for the linux kernel (SUSE-SU-2023:2646-1)