{"id":"CVE-2023-1872","details":"A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation.\n\nThe io_file_get_fixed function lacks the presence of ctx-\u003euring_lock which can lead to a Use-After-Free vulnerability due to a race condition with fixed files getting unregistered.\n\nWe recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8.","modified":"2026-03-15T22:45:46.408579Z","published":"2023-04-12T16:15:17.027Z","related":["SUSE-SU-2023:2146-1","SUSE-SU-2023:2147-1","SUSE-SU-2023:2148-1","SUSE-SU-2023:2401-1","SUSE-SU-2023:2405-1","SUSE-SU-2023:2416-1","SUSE-SU-2023:2423-1","SUSE-SU-2023:2448-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230601-0002/"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=da24142b1ef9fd5d36b76e36bab328a5b27523e8"},{"type":"ARTICLE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=08681391b84da27133deefaaddefd0acfa90c2be"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1872.json","unresolved_ranges":[{"events":[{"introduced":"5.7"},{"fixed":"5.17"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}