CVE-2023-3389: Use After Free

First published: Wed Jun 28 2023(Updated: )

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).

Credit: cve-coordination@google.com cve-coordination@google.com cve-coordination@google.com

Affected Software	Affected Version	How to fix
Linux Linux kernel	>=5.10.162<5.10.185
Linux Linux kernel	>=5.13<6.4
Canonical Ubuntu Linux	=14.04
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=20.04
Canonical Ubuntu Linux	=22.04
Debian Debian Linux	=10.0
Debian Debian Linux	=11.0
ubuntu/linux	<5.15.0-78.85	5.15.0-78.85
ubuntu/linux	<6.2.0-26.26	6.2.0-26.26
ubuntu/linux	<6.4	6.4
ubuntu/linux-allwinner	<6.4	6.4
ubuntu/linux-allwinner-5.19	<6.4	6.4
ubuntu/linux-aws	<5.15.0-1040.45	5.15.0-1040.45
ubuntu/linux-aws	<6.2.0-1008.8	6.2.0-1008.8
ubuntu/linux-aws	<6.4	6.4
ubuntu/linux-aws-5.0	<6.4	6.4
ubuntu/linux-aws-5.15	<5.15.0-1040.45~20.04.1	5.15.0-1040.45~20.04.1
ubuntu/linux-aws-5.15	<6.4	6.4
ubuntu/linux-aws-5.19	<5.19.0-1029.30~22.04.1	5.19.0-1029.30~22.04.1
ubuntu/linux-aws-5.19	<6.4	6.4
ubuntu/linux-aws-5.4	<6.4	6.4
ubuntu/linux-aws-6.2	<6.4	6.4
ubuntu/linux-aws-hwe	<6.4	6.4
ubuntu/linux-azure	<5.15.0-1042.49	5.15.0-1042.49
ubuntu/linux-azure	<6.2.0-1008.8	6.2.0-1008.8
ubuntu/linux-azure	<6.4	6.4
ubuntu/linux-azure-4.15	<6.4	6.4
ubuntu/linux-azure-5.15	<5.15.0-1042.49~20.04.1	5.15.0-1042.49~20.04.1
ubuntu/linux-azure-5.15	<6.4	6.4
ubuntu/linux-azure-5.4	<6.4	6.4
ubuntu/linux-azure-6.2	<6.4	6.4
ubuntu/linux-azure-edge	<6.4	6.4
ubuntu/linux-azure-fde	<5.15.0-1042.49	5.15.0-1042.49
ubuntu/linux-azure-fde	<6.4	6.4
ubuntu/linux-azure-fde-5.15	<5.15.0-1042.49~20.04.1	5.15.0-1042.49~20.04.1
ubuntu/linux-azure-fde-5.15	<6.4	6.4
ubuntu/linux-azure-fde-5.19	<6.4	6.4
ubuntu/linux-azure-fde-6.2	<6.4	6.4
ubuntu/linux-bluefield	<6.4	6.4
ubuntu/linux-dell300x	<6.4	6.4
ubuntu/linux-fips	<6.4	6.4
ubuntu/linux-gcp	<5.15.0-1038.46	5.15.0-1038.46
ubuntu/linux-gcp	<6.2.0-1010.10	6.2.0-1010.10
ubuntu/linux-gcp	<6.4	6.4
ubuntu/linux-gcp-4.15	<6.4	6.4
ubuntu/linux-gcp-5.15	<5.15.0-1038.46~20.04.1	5.15.0-1038.46~20.04.1
ubuntu/linux-gcp-5.15	<6.4	6.4
ubuntu/linux-gcp-5.19	<5.19.0-1030.32~22.04.1	5.19.0-1030.32~22.04.1
ubuntu/linux-gcp-5.19	<6.4	6.4
ubuntu/linux-gcp-5.4	<6.4	6.4
ubuntu/linux-gke	<5.15.0-1038.43	5.15.0-1038.43
ubuntu/linux-gke	<6.4	6.4
ubuntu/linux-gke-4.15	<6.4	6.4
ubuntu/linux-gke-5.0	<6.4	6.4
ubuntu/linux-gke-5.15	<5.15.0-1038.43~20.04.1	5.15.0-1038.43~20.04.1
ubuntu/linux-gke-5.15	<6.4	6.4
ubuntu/linux-gke-5.4	<6.4	6.4
ubuntu/linux-gkeop	<5.15.0-1024.29	5.15.0-1024.29
ubuntu/linux-gkeop	<6.4	6.4
ubuntu/linux-gkeop-5.15	<5.15.0-1024.29~20.04.1	5.15.0-1024.29~20.04.1
ubuntu/linux-gkeop-5.15	<6.4	6.4
ubuntu/linux-gkeop-5.4	<6.4	6.4
ubuntu/linux-hwe	<6.4	6.4
ubuntu/linux-hwe-5.15	<5.15.0-78.85~20.04.1	5.15.0-78.85~20.04.1
ubuntu/linux-hwe-5.15	<6.4	6.4
ubuntu/linux-hwe-5.19	<5.19.0-50.50	5.19.0-50.50
ubuntu/linux-hwe-5.4	<6.4	6.4
ubuntu/linux-hwe-6.2	<6.2.0-26.26~22.04.1	6.2.0-26.26~22.04.1
ubuntu/linux-hwe-6.2	<6.4	6.4
ubuntu/linux-hwe-edge	<6.4	6.4
ubuntu/linux-ibm	<5.15.0-1034.37	5.15.0-1034.37
ubuntu/linux-ibm	<6.2.0-1006.6	6.2.0-1006.6
ubuntu/linux-ibm	<6.4	6.4
ubuntu/linux-ibm-5.15	<5.15.0-1034.37~20.04.1	5.15.0-1034.37~20.04.1
ubuntu/linux-ibm-5.15	<6.4	6.4
ubuntu/linux-ibm-5.4	<6.4	6.4
ubuntu/linux-intel-5.13	<6.4	6.4
ubuntu/linux-intel-iotg	<5.15.0-1036.41	5.15.0-1036.41
ubuntu/linux-intel-iotg	<6.4	6.4
ubuntu/linux-intel-iotg-5.15	<5.15.0-1036.41~20.04.1	5.15.0-1036.41~20.04.1
ubuntu/linux-intel-iotg-5.15	<6.4	6.4
ubuntu/linux-iot	<6.4	6.4
ubuntu/linux-kvm	<5.15.0-1038.43	5.15.0-1038.43
ubuntu/linux-kvm	<6.2.0-1009.9	6.2.0-1009.9
ubuntu/linux-kvm	<6.4	6.4
ubuntu/linux-lowlatency	<5.15.0-78.85	5.15.0-78.85
ubuntu/linux-lowlatency	<6.2.0-1009.9	6.2.0-1009.9
ubuntu/linux-lowlatency	<6.4	6.4
ubuntu/linux-lowlatency-hwe-5.15	<5.15.0-78.85~20.04.1	5.15.0-78.85~20.04.1
ubuntu/linux-lowlatency-hwe-5.15	<6.4	6.4
ubuntu/linux-lowlatency-hwe-5.19	<5.19.0-1030.30	5.19.0-1030.30
ubuntu/linux-lowlatency-hwe-5.19	<6.4	6.4
ubuntu/linux-lowlatency-hwe-6.2	<6.4	6.4
ubuntu/linux-lts-xenial	<6.4	6.4
ubuntu/linux-nvidia	<5.15.0-1029.29	5.15.0-1029.29
ubuntu/linux-nvidia	<6.4	6.4
ubuntu/linux-nvidia-6.2	<6.4	6.4
ubuntu/linux-oem	<6.4	6.4
ubuntu/linux-oem-5.10	<6.4	6.4
ubuntu/linux-oem-5.14	<6.4	6.4
ubuntu/linux-oem-5.17	<6.4	6.4
ubuntu/linux-oem-5.6	<6.4	6.4
ubuntu/linux-oem-6.0	<6.0.0-1020.20	6.0.0-1020.20
ubuntu/linux-oem-6.0	<6.4	6.4
ubuntu/linux-oem-6.1	<6.1.0-1017.17	6.1.0-1017.17
ubuntu/linux-oem-6.1	<6.4	6.4
ubuntu/linux-oem-osp1	<6.4	6.4
ubuntu/linux-oracle	<5.15.0-1039.45	5.15.0-1039.45
ubuntu/linux-oracle	<6.2.0-1008.8	6.2.0-1008.8
ubuntu/linux-oracle	<6.4	6.4
ubuntu/linux-oracle-5.0	<6.4	6.4
ubuntu/linux-oracle-5.13	<6.4	6.4
ubuntu/linux-oracle-5.15	<5.15.0-1039.45~20.04.1	5.15.0-1039.45~20.04.1
ubuntu/linux-oracle-5.15	<6.4	6.4
ubuntu/linux-oracle-5.4	<6.4	6.4
ubuntu/linux-raspi	<5.15.0-1034.37	5.15.0-1034.37
ubuntu/linux-raspi	<6.2.0-1009.11	6.2.0-1009.11
ubuntu/linux-raspi	<6.4	6.4
ubuntu/linux-raspi-5.4	<6.4	6.4
ubuntu/linux-raspi2	<6.4	6.4
ubuntu/linux-riscv	<6.2.0-27.28.1	6.2.0-27.28.1
ubuntu/linux-riscv	<6.4	6.4
ubuntu/linux-riscv-5.15	<5.15.0-1037.41~20.04.2	5.15.0-1037.41~20.04.2
ubuntu/linux-riscv-5.15	<6.4	6.4
ubuntu/linux-snapdragon	<6.4	6.4
ubuntu/linux-starfive	<6.2.0-1002.2	6.2.0-1002.2
ubuntu/linux-starfive	<6.4	6.4
ubuntu/linux-starfive-5.19	<6.4	6.4
ubuntu/linux-starfive-6.2	<6.4	6.4
ubuntu/linux-xilinx-zynqmp	<5.15.0-1025.29	5.15.0-1025.29
ubuntu/linux-xilinx-zynqmp	<6.4	6.4
debian/linux		4.19.249-2 4.19.304-1 5.10.209-2 5.10.205-2 6.1.76-1 6.1.85-1 6.6.15-2 6.7.12-1
debian/linux-5.10		5.10.209-2~deb10u1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

collector/nvd-index
agent/type
agent/first-publish-date
agent/last-modified-date
agent/remedy
collector/launchpad-cve
source/Launchpad
agent/author
agent/severity
agent/description
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/event
agent/weakness
collector/usn-cve
source/Ubuntu
agent/references
agent/tags
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/nvd-api
agent/software-canonical-lookup-request
vendor/linux
canonical/linux linux kernel
version/linux linux kernel/5.10.162
version/linux linux kernel/5.13
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/14.04
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/20.04
version/canonical ubuntu linux/22.04
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
version/debian debian linux/11.0
package-manager/ubuntu
package-manager/debian

CVE-2023-3389: Use After Free

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Company

Resources

Contact