CVE-2023-0468

A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference.

Published: Jan 26, 2023
Updated: Apr 14, 2023
CVE: CVE-2023-0468
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.7
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	-	6.1
linux / linux_kernel	6.1-rc2	6.1-rc2.x
linux / linux_kernel	6.1-rc5	6.1-rc5.x
linux / linux_kernel	6.1-rc1	6.1-rc1.x
linux / linux_kernel	6.1-rc3	6.1-rc3.x
linux / linux_kernel	6.1-rc4	6.1-rc4.x
linux / linux_kernel	6.1-rc6	6.1-rc6.x
linux / linux_kernel	6.1	6.1.x

https://bugzilla.redhat.com/show_bug.cgi?id=2164024

Vulnerability Database

289,599

CVE-2023-0468