CVE-2023-1583

CVSS V2 None CVSS V3 None
Description
A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash.
Overview
  • CVE ID
  • CVE-2023-1583
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-03-24T22:15:07
  • Last Modified Date
  • 2023-03-30T02:21:30
Weakness Enumerations
CWE URL
CWE-476 http://cwe.mitre.org/data/definitions/476.html
CWE-476 http://cwe.mitre.org/data/definitions/476.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:o:linux:linux_kernel:5.19:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:5.19:rc4:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:5.19:rc5:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:5.19:rc6:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:5.19:rc7:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:5.19:rc8:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.0:rc4:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.0:rc5:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.0:rc6:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.0:rc7:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.2:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.2:rc7:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.2:rc8:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.3:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:6.3:rc4:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git/commit/?h=io_uring-6.3&id=761efd55a0227aca3a69deacdaa112fffd44fe37 Mailing List Patch
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-1583
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1583
History
Created Old Value New Value Data Type Notes
2023-04-17 03:26:06 Added to TrackCVE
2023-04-17 03:26:08 Weakness Enumeration new