Rapid7 Vulnerability & Exploit Database

Ubuntu: (CVE-2023-52903): linux vulnerability

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Ubuntu: (CVE-2023-52903): linux vulnerability

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
08/21/2024
Created
11/21/2024
Added
11/19/2024
Modified
11/19/2024

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring: lock overflowing for IOPOLL syzbot reports an issue with overflow filling for IOPOLL: WARNING: CPU: 0 PID: 28 at io_uring/io_uring.c:734 io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734 CPU: 0 PID: 28 Comm: kworker/u4:1 Not tainted 6.2.0-rc3-syzkaller-16369-g358a161a6a9e #0 Workqueue: events_unbound io_ring_exit_work Call trace:  io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734  io_req_cqe_overflow+0x5c/0x70 io_uring/io_uring.c:773  io_fill_cqe_req io_uring/io_uring.h:168 [inline]  io_do_iopoll+0x474/0x62c io_uring/rw.c:1065  io_iopoll_try_reap_events+0x6c/0x108 io_uring/io_uring.c:1513  io_uring_try_cancel_requests+0x13c/0x258 io_uring/io_uring.c:3056  io_ring_exit_work+0xec/0x390 io_uring/io_uring.c:2869  process_one_work+0x2d8/0x504 kernel/workqueue.c:2289  worker_thread+0x340/0x610 kernel/workqueue.c:2436  kthread+0x12c/0x158 kernel/kthread.c:376  ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:863 There is no real problem for normal IOPOLL as flush is also called with uring_lock taken, but it's getting more complicated for IOPOLL|SQPOLL, for which __io_cqring_overflow_flush() happens from the CQ waiting path.

Solution(s)

  • ubuntu-upgrade-linux
  • ubuntu-upgrade-linux-aws
  • ubuntu-upgrade-linux-aws-5-15
  • ubuntu-upgrade-linux-azure
  • ubuntu-upgrade-linux-azure-5-15
  • ubuntu-upgrade-linux-azure-fde
  • ubuntu-upgrade-linux-azure-fde-5-15
  • ubuntu-upgrade-linux-gcp
  • ubuntu-upgrade-linux-gcp-5-15
  • ubuntu-upgrade-linux-gke
  • ubuntu-upgrade-linux-gkeop
  • ubuntu-upgrade-linux-gkeop-5-15
  • ubuntu-upgrade-linux-hwe-5-15
  • ubuntu-upgrade-linux-ibm
  • ubuntu-upgrade-linux-intel-iotg
  • ubuntu-upgrade-linux-intel-iotg-5-15
  • ubuntu-upgrade-linux-kvm
  • ubuntu-upgrade-linux-lowlatency
  • ubuntu-upgrade-linux-lowlatency-hwe-5-15
  • ubuntu-upgrade-linux-nvidia
  • ubuntu-upgrade-linux-oracle
  • ubuntu-upgrade-linux-oracle-5-15
  • ubuntu-upgrade-linux-raspi
  • ubuntu-upgrade-linux-riscv-5-15

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;