CVE-2023-1032 MEDIUM

CVE-2023-1032

Vendor The Linux Kernel Organization
Product linux
Weakness CWE-415
Published January 8, 2024
Last update August 27, 2024

CVSS base score

4.7/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

01Description

The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.

Key dates

02Disclosure timeline

January 8, 2024 CVE published
August 27, 2024 Record updated