Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-2598

A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.

Published

2023-06-01T01:15:17.867

Last Modified

2025-04-23T17:16:29.683

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-416
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 6.3.2	Yes
Application	netapp	hci_baseboard_management_controller	h300s	Yes
Application	netapp	hci_baseboard_management_controller	h410c	Yes
Application	netapp	hci_baseboard_management_controller	h410s	Yes
Application	netapp	hci_baseboard_management_controller	h500s	Yes
Application	netapp	hci_baseboard_management_controller	h700s	Yes

References

http://www.openwall.com/lists/oss-security/2024/04/24/3 ([email protected])
https://security.netapp.com/advisory/ntap-20230703-0006/ Third Party Advisory ([email protected])
https://www.openwall.com/lists/oss-security/2023/05/08/3 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2024/04/24/3 (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230703-0006/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2023/05/08/3 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)