VIR Vulnerability Intelligence Relay

CVE-2023-3389

unknown
Published — · Modified —
CVSS v3
VIR risk

Description

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

OS impact
OSVersionStatusFixed in
suse slesaffected
debian debianbookwormfixed6.0.2-1
debian debianbullseyefixed5.10.191-1
debian debianforkyfixed6.0.2-1
debian debiansidfixed6.0.2-1
debian debiantrixiefixed6.0.2-1

References

💬 Discuss CVE-2023-3389 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.