Security Advisory

CVE-2023-2236

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-05-01 12:50:47

Last updated 2025-03-05 19:03:34

Assigner Google

State PUBLISHED

Description

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability. We recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4.

← Browse all CVEs View on cve.org ↗