Unrated severityNVD Advisory· Published Apr 12, 2023· Updated Feb 13, 2025
Use-after-free in Linux kernel's io_uring subsystem
CVE-2023-1872
Description
A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation.
The io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered.
We recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8.
Affected products
109- osv-coords108 versionspkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/kernel-64kb&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/kernel-default-base&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/kernel-default-base&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/kernel-default-base&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/kernel-default-base&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/kernel-default&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/kernel-default&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/kernel-default&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/kernel-docs&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/kernel-docs&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_29&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_32&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_35&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_36&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_19&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_23&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_28&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_31&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_32&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/kernel-preempt&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/kernel-preempt&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/kernel-preempt&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/kernel-preempt&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP3pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP3pkg:rpm/suse/kernel-source&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/kernel-source&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/kernel-source&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/kernel-source&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP3pkg:rpm/suse/kernel-syms&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/kernel-syms&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP3pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Manager%20Server%204.2
< 5.3.18-150300.59.121.1+ 107 more
- (no CPE)range: < 5.3.18-150300.59.121.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1.150200.9.73.1
- (no CPE)range: < 5.3.18-150300.59.121.2.150300.18.70.2
- (no CPE)range: < 5.3.18-150200.24.151.1.150200.9.73.1
- (no CPE)range: < 5.3.18-150300.59.121.2.150300.18.70.2
- (no CPE)range: < 5.3.18-150300.59.121.2.150300.18.70.2
- (no CPE)range: < 5.3.18-150300.59.121.2.150300.18.70.2
- (no CPE)range: < 5.3.18-150300.59.121.2.150300.18.70.2
- (no CPE)range: < 5.3.18-150300.59.121.2.150300.18.70.2
- (no CPE)range: < 5.3.18-150200.24.151.1.150200.9.73.1
- (no CPE)range: < 5.3.18-150300.59.121.2.150300.18.70.2
- (no CPE)range: < 5.3.18-150200.24.151.1.150200.9.73.1
- (no CPE)range: < 5.3.18-150300.59.121.2.150300.18.70.2
- (no CPE)range: < 5.3.18-150300.59.121.2.150300.18.70.2
- (no CPE)range: < 5.3.18-150300.59.121.2.150300.18.70.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 11-150200.2.3
- (no CPE)range: < 5-150200.2.3
- (no CPE)range: < 2-150200.2.3
- (no CPE)range: < 1-150200.5.3.1
- (no CPE)range: < 14-150300.2.3
- (no CPE)range: < 11-150300.2.3
- (no CPE)range: < 5-150300.2.3
- (no CPE)range: < 2-150300.2.3
- (no CPE)range: < 1-150300.7.3.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.127.1
- (no CPE)range: < 5.3.18-150300.127.1
- (no CPE)range: < 5.3.18-150300.127.1
- (no CPE)range: < 5.3.18-150300.127.1
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.127.1
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.1
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.1
- (no CPE)range: < 5.3.18-150300.59.121.1
- (no CPE)range: < 5.3.18-150300.59.121.1
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.1
- (no CPE)range: < 5.3.18-150200.24.151.1
- (no CPE)range: < 5.3.18-150300.59.121.1
- (no CPE)range: < 5.3.18-150300.127.1
- (no CPE)range: < 5.3.18-150300.59.121.2
- (no CPE)range: < 5.3.18-150300.59.121.2
- Linux/Linux Kernelv5Range: 5.7
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.htmlmitre
- git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/mitre
- git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/mitre
- lists.debian.org/debian-lts-announce/2023/05/msg00005.htmlmitre
- security.netapp.com/advisory/ntap-20230601-0002/mitre
News mentions
0No linked articles in our index yet.