CVE-2023-2598

Summary

CVE	CVE-2023-2598
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-06-01 01:15:00 UTC
Updated	2023-09-12 19:41:00 UTC
Description	A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Application	Netapp	Hci Baseboard Management Controller	h300s	All	All	All
Application	Netapp	Hci Baseboard Management Controller	h410c	All	All	All
Application	Netapp	Hci Baseboard Management Controller	h410s	All	All	All
Application	Netapp	Hci Baseboard Management Controller	h500s	All	All	All
Application	Netapp	Hci Baseboard Management Controller	h700s	All	All	All

References

Reference	Source	Link	Tags
oss-security - Linux kernel io_uring out-of-bounds access to physical memory	MISC	www.openwall.com
403 Forbidden	CONFIRM	security.netapp.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

907010 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (27054-1)
907021 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (27061-1)