Bug 2180970 (CVE-2023-1583) - CVE-2023-1583 kernel: NULL pointer dereference in io_file_bitmap_get in io_uring/filetable.c
Summary: CVE-2023-1583 kernel: NULL pointer dereference in io_file_bitmap_get in io_ur...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2023-1583
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2180972
TreeView+ depends on / blocked
 
Reported: 2023-03-22 18:40 UTC by Pedro Sampaio
Modified: 2023-04-12 16:21 UTC (History)
44 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference flaw was found in the io_uring sub-component in io_file_bitmap_get of io_uring/filetable.c.the in the Linux kernel. This issue could allow a local user to crash the system.
Clone Of:
Environment:
Last Closed: 2023-03-23 17:16:16 UTC
Embargoed:


Attachments (Terms of Use)

Description Pedro Sampaio 2023-03-22 18:40:06 UTC
A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash.

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git/commit/?h=io_uring-6.3&?id=761efd55a0227aca3a69deacdaa112fffd44fe37

Comment 2 Product Security DevOps Team 2023-03-23 17:16:13 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-1583


Note You need to log in before you can comment on or make changes to this bug.