CVE-2023-6560
MEDIUM
5.5
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Description
An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system.
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and vulnerability characteristics.
EPSS Score
0.0001
Percentile
0.0th
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Stable
Common Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Modify Memory
Read Memory
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Applicable Platforms
Languages:
Assembly, C, C++, Memory-Unsafe
CWE-823
Use of Out-of-range Pointer Offset
Incomplete
Common Consequences
Security Scopes Affected:
Confidentiality
Availability
Integrity
Potential Impacts:
Read Memory
Dos: Crash, Exit, Or Restart
Execute Unauthorized Code Or Commands
Modify Memory
Applicable Platforms
Languages:
C, C++, Memory-Unsafe
Operating System
Linux Kernel by Linux
Version Range Affected
To
6.6
(inclusive)
CPE Identifier
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
CPE Identifier
cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*
Operating System
Linux Kernel by Linux
CPE Identifier
cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*
Operating System
Linux Kernel by Linux
CPE Identifier
cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*
Operating System
Linux Kernel by Linux
CPE Identifier
cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*
http://packetstormsecurity.com/files/176405/io_uring-__io_uaddr_map-Dangerous-M…
https://access.redhat.com/security/cve/CVE-2023-6560
https://bugzilla.redhat.com/show_bug.cgi?id=2253249
https://lists.fedoraproject.org/archives/list/[email protected]…
https://lists.fedoraproject.org/archives/list/[email protected]…
https://patchwork.kernel.org/project/io-uring/patch/20231130194633.649319-2-axb…