Bugzilla – Full Text Bug Listing
| Summary: | VUL-0: CVE-2023-2236: kernel: use-after-free in io_uring subsystem | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Alexander Bergmann <abergmann> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED DUPLICATE | QA Contact: | Security Team bot <security-team> |
| Severity: | Major | ||
| Priority: | P3 - Medium | CC: | mhocko, security-team |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/364833/ | ||
| Whiteboard: | |||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | |||
| Bug Blocks: | 1210991 | ||
Description
Alexander Bergmann
2023-05-02 06:53:26 UTC
This is a fixup for
339f24b336d ("io_uring: allow allocated fixed files for openat/openat2")
61c1b44a21d7 ("io_uring: fix deadlock on iowq file slot alloc")
both 5.19. 15-sp5 has them backported but it also has this follow-up fix. I will just update the reference. 15-sp4 and older do not have any.
Back to the security team.
Hmm, looking at the patch in 15-sp5 this is a duplicate of bug 1207521 CVE-2023-0469. Should the CVE be dismissed or should I add another reference?
Duplicate of bug 1207521
*** This bug has been marked as a duplicate of bug 1207521 ***