CVE-2023-2598

moderate-risk

Published 2023-06-01

A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.

Do I need to act?

0.70% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (6)

Linux Kernel

Hci Baseboard Management Controller

Affected Vendors

Linux Netapp

References (6)

http://www.openwall.com/lists/oss-security/2024/04/24/3

Third Party Advisory https://security.netapp.com/advisory/ntap-20230703-0006/

Mailing List https://www.openwall.com/lists/oss-security/2023/05/08/3

http://www.openwall.com/lists/oss-security/2024/04/24/3

Third Party Advisory https://security.netapp.com/advisory/ntap-20230703-0006/

Mailing List https://www.openwall.com/lists/oss-security/2023/05/08/3

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 2/34 · Minimal

Exposure 13/34 · Low