VYPR
Unrated severityNVD Advisory· Published Apr 12, 2023· Updated Feb 13, 2025

Use-after-free in Linux kernel's io_uring subsystem

CVE-2023-1872

Description

A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation.

The io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered.

We recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

110

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.