Updated: 2023-06-22
CWE: CWE-416
Description:
A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation. The io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered. We recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8.
CVSS3: 7.8
| OS | Vendor version | Errata |
|---|---|---|
| Ubuntu 22.04 | 5.15.0-71.78 | USN-6044-1 |
| Ubuntu 22.04 AWS | 5.15.0-1035.39 | USN-6044-1 |
| Ubuntu 22.04 Azure | 5.15.0-1037.44 | USN-6044-1 |
| Ubuntu 20.04 HWE AWS | 5.15.0-1035.39~20.04.1 | USN-6044-1 |
| Amazon Linux 2 5.10 | 5.10.173-154.642.amzn2 | ALAS2KERNEL-5.10-2023-028 |
| OS | Original kernel version | State |
|---|---|---|
| Debian 11 | |
Planned |
| Ubuntu 22.04 |
5.15.0-60.66
show all
hide all
5.15.0-67.74
5.15.0-68.75
5.15.0-69.76
5.15.0-70.77
|
Released |
| Ubuntu 22.04 AWS |
5.15.0-1031.35
show all
hide all
5.15.0-1032.36
5.15.0-1033.37
5.15.0-1034.38
|
Released |
| Ubuntu 22.04 Azure |
5.15.0-1036.43
show all
hide all
5.15.0-1034.41
5.15.0-1035.42
|
Released |
| Ubuntu 20.04 HWE AWS |
5.15.0-1033.37~20.04.1
show all
hide all
5.15.0-1034.38~20.04.1
|
Released |
| Amazon Linux 2 5.10 | |
Will Not Fix |