CVE-2023-52654

May 14, 2024, 4:13 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix would be to completely disallow sending io_uring files via sockets via SCM_RIGHT, so there are no possible cycles invloving registered files and thus rendering SCM accounting on the io_uring side unnecessary.

Product(s) Impacted

Product Versions
Linux kernel

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/18824f592aad4124d79751bbc1500ea86ac3ff29
https://git.kernel.org/stable/c/3fe1ea5f921bf5b71cbfdc4469fb96c05936610e
https://git.kernel.org/stable/c/5a33d385eb36991a91e3dddb189d8679e2aac2be
https://git.kernel.org/stable/c/705318a99a138c29a512a72c3e0043b3cd7f55f4
https://git.kernel.org/stable/c/bcedd497b3b4a0be56f3adf7c7542720eced0792
https://git.kernel.org/stable/c/f2f57f51b53be153a522300454ddb3887722fb2c

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-05-14
CVE-2023-52654

Timeline

Published: May 14, 2024, 2:23 p.m.
Last Modified: May 14, 2024, 4:13 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.