cve-2023-52654
Vulnerability from cvelistv5
Published
2024-05-09 16:37
Modified
2024-12-19 08:23
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
io_uring/af_unix: disable sending io_uring over sockets
File reference cycles have caused lots of problems for io_uring
in the past, and it still doesn't work exactly right and races with
unix_stream_read_generic(). The safest fix would be to completely
disallow sending io_uring files via sockets via SCM_RIGHT, so there
are no possible cycles invloving registered files and thus rendering
SCM accounting on the io_uring side unnecessary.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 04df9719df1865f6770af9bc7880874af0e594b2 Version: c378c479c5175833bb22ff71974cda47d7b05401 Version: 813d8fe5d30388f73a21d3a2bf46b0a1fd72498c Version: 0091bfc81741b8d3aeb3b7ab8636f911b2de6e80 Version: 0091bfc81741b8d3aeb3b7ab8636f911b2de6e80 Version: 0091bfc81741b8d3aeb3b7ab8636f911b2de6e80 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-52654", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-09T18:37:06.033789Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:23:29.618Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T23:03:21.358Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/18824f592aad4124d79751bbc1500ea86ac3ff29" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3fe1ea5f921bf5b71cbfdc4469fb96c05936610e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/bcedd497b3b4a0be56f3adf7c7542720eced0792" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f2f57f51b53be153a522300454ddb3887722fb2c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5a33d385eb36991a91e3dddb189d8679e2aac2be" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/705318a99a138c29a512a72c3e0043b3cd7f55f4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "io_uring/rsrc.h", "net/core/scm.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "18824f592aad4124d79751bbc1500ea86ac3ff29", "status": "affected", "version": "04df9719df1865f6770af9bc7880874af0e594b2", "versionType": "git" }, { "lessThan": "3fe1ea5f921bf5b71cbfdc4469fb96c05936610e", "status": "affected", "version": "c378c479c5175833bb22ff71974cda47d7b05401", "versionType": "git" }, { "lessThan": "bcedd497b3b4a0be56f3adf7c7542720eced0792", "status": "affected", "version": "813d8fe5d30388f73a21d3a2bf46b0a1fd72498c", "versionType": "git" }, { "lessThan": "f2f57f51b53be153a522300454ddb3887722fb2c", "status": "affected", "version": "0091bfc81741b8d3aeb3b7ab8636f911b2de6e80", "versionType": "git" }, { "lessThan": "5a33d385eb36991a91e3dddb189d8679e2aac2be", "status": "affected", "version": "0091bfc81741b8d3aeb3b7ab8636f911b2de6e80", "versionType": "git" }, { "lessThan": "705318a99a138c29a512a72c3e0043b3cd7f55f4", "status": "affected", "version": "0091bfc81741b8d3aeb3b7ab8636f911b2de6e80", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "io_uring/rsrc.h", "net/core/scm.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.1" }, { "lessThan": "6.1", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.264", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.204", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.143", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.68", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.7", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/af_unix: disable sending io_uring over sockets\n\nFile reference cycles have caused lots of problems for io_uring\nin the past, and it still doesn\u0027t work exactly right and races with\nunix_stream_read_generic(). The safest fix would be to completely\ndisallow sending io_uring files via sockets via SCM_RIGHT, so there\nare no possible cycles invloving registered files and thus rendering\nSCM accounting on the io_uring side unnecessary." } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:23:24.912Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/18824f592aad4124d79751bbc1500ea86ac3ff29" }, { "url": "https://git.kernel.org/stable/c/3fe1ea5f921bf5b71cbfdc4469fb96c05936610e" }, { "url": "https://git.kernel.org/stable/c/bcedd497b3b4a0be56f3adf7c7542720eced0792" }, { "url": "https://git.kernel.org/stable/c/f2f57f51b53be153a522300454ddb3887722fb2c" }, { "url": "https://git.kernel.org/stable/c/5a33d385eb36991a91e3dddb189d8679e2aac2be" }, { "url": "https://git.kernel.org/stable/c/705318a99a138c29a512a72c3e0043b3cd7f55f4" } ], "title": "io_uring/af_unix: disable sending io_uring over sockets", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2023-52654", "datePublished": "2024-05-09T16:37:04.293Z", "dateReserved": "2024-03-06T09:52:12.098Z", "dateUpdated": "2024-12-19T08:23:24.912Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-52654\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-14T14:23:13.130\",\"lastModified\":\"2024-11-21T08:40:17.703\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nio_uring/af_unix: disable sending io_uring over sockets\\n\\nFile reference cycles have caused lots of problems for io_uring\\nin the past, and it still doesn\u0027t work exactly right and races with\\nunix_stream_read_generic(). The safest fix would be to completely\\ndisallow sending io_uring files via sockets via SCM_RIGHT, so there\\nare no possible cycles invloving registered files and thus rendering\\nSCM accounting on the io_uring side unnecessary.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: io_uring/af_unix: deshabilita el env\u00edo de io_uring a trav\u00e9s de sockets Los ciclos de referencia de archivos han causado muchos problemas para io_uring en el pasado, y todav\u00eda no funciona exactamente correctamente y corre con unix_stream_read_generic(). La soluci\u00f3n m\u00e1s segura ser\u00eda no permitir por completo el env\u00edo de archivos io_uring a trav\u00e9s de sockets a trav\u00e9s de SCM_RIGHT, de modo que no haya ciclos posibles que involucren archivos registrados y, por lo tanto, hagan innecesaria la contabilidad SCM en el lado io_uring.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/18824f592aad4124d79751bbc1500ea86ac3ff29\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3fe1ea5f921bf5b71cbfdc4469fb96c05936610e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5a33d385eb36991a91e3dddb189d8679e2aac2be\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/705318a99a138c29a512a72c3e0043b3cd7f55f4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bcedd497b3b4a0be56f3adf7c7542720eced0792\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f2f57f51b53be153a522300454ddb3887722fb2c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/18824f592aad4124d79751bbc1500ea86ac3ff29\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/3fe1ea5f921bf5b71cbfdc4469fb96c05936610e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/5a33d385eb36991a91e3dddb189d8679e2aac2be\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/705318a99a138c29a512a72c3e0043b3cd7f55f4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/bcedd497b3b4a0be56f3adf7c7542720eced0792\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/f2f57f51b53be153a522300454ddb3887722fb2c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.