Ubuntu: (Multiple Advisories) (CVE-2023-1872): Linux kernel vulnerabilities

Ubuntu: (Multiple Advisories) (CVE-2023-1872): Linux kernel vulnerabilities

Severity

7

CVSS

(AV:L/AC:M/Au:S/C:C/I:C/A:C)

Published

04/12/2023

Created

05/05/2023

Added

05/01/2023

Modified

01/28/2025

Description

A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation. The io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered. We recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8.

Solution(s)

• ubuntu-upgrade-linux-image-5-15-0-1019-gkeop
• ubuntu-upgrade-linux-image-5-15-0-1028-raspi
• ubuntu-upgrade-linux-image-5-15-0-1028-raspi-nolpae
• ubuntu-upgrade-linux-image-5-15-0-1029-ibm
• ubuntu-upgrade-linux-image-5-15-0-1030-intel-iotg
• ubuntu-upgrade-linux-image-5-15-0-1032-gke
• ubuntu-upgrade-linux-image-5-15-0-1032-kvm
• ubuntu-upgrade-linux-image-5-15-0-1033-gcp
• ubuntu-upgrade-linux-image-5-15-0-1034-oracle
• ubuntu-upgrade-linux-image-5-15-0-1035-aws
• ubuntu-upgrade-linux-image-5-15-0-1037-azure
• ubuntu-upgrade-linux-image-5-15-0-1037-azure-fde
• ubuntu-upgrade-linux-image-5-15-0-71-generic
• ubuntu-upgrade-linux-image-5-15-0-71-generic-64k
• ubuntu-upgrade-linux-image-5-15-0-71-generic-lpae
• ubuntu-upgrade-linux-image-5-15-0-71-lowlatency
• ubuntu-upgrade-linux-image-5-15-0-71-lowlatency-64k
• ubuntu-upgrade-linux-image-aws
• ubuntu-upgrade-linux-image-aws-lts-22-04
• ubuntu-upgrade-linux-image-azure
• ubuntu-upgrade-linux-image-azure-cvm
• ubuntu-upgrade-linux-image-azure-fde
• ubuntu-upgrade-linux-image-azure-lts-22-04
• ubuntu-upgrade-linux-image-gcp
• ubuntu-upgrade-linux-image-generic
• ubuntu-upgrade-linux-image-generic-64k
• ubuntu-upgrade-linux-image-generic-64k-hwe-20-04
• ubuntu-upgrade-linux-image-generic-hwe-20-04
• ubuntu-upgrade-linux-image-generic-lpae
• ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04
• ubuntu-upgrade-linux-image-gke
• ubuntu-upgrade-linux-image-gke-5-15
• ubuntu-upgrade-linux-image-gkeop
• ubuntu-upgrade-linux-image-gkeop-5-15
• ubuntu-upgrade-linux-image-ibm
• ubuntu-upgrade-linux-image-intel
• ubuntu-upgrade-linux-image-intel-iotg
• ubuntu-upgrade-linux-image-kvm
• ubuntu-upgrade-linux-image-lowlatency
• ubuntu-upgrade-linux-image-lowlatency-64k
• ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04
• ubuntu-upgrade-linux-image-lowlatency-hwe-20-04
• ubuntu-upgrade-linux-image-oem-20-04
• ubuntu-upgrade-linux-image-oem-20-04b
• ubuntu-upgrade-linux-image-oem-20-04c
• ubuntu-upgrade-linux-image-oem-20-04d
• ubuntu-upgrade-linux-image-oracle
• ubuntu-upgrade-linux-image-raspi
• ubuntu-upgrade-linux-image-raspi-nolpae
• ubuntu-upgrade-linux-image-virtual
• ubuntu-upgrade-linux-image-virtual-hwe-20-04

References

• https://attackerkb.com/topics/cve-2023-1872
• CVE - 2023-1872
• USN-6044-1
• USN-6051-1
• USN-6070-1
• USN-6107-1
• USN-6133-1
• USN-6134-1

View more