CVE-2023-1583

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-1583
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1583.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-1583
Downstream
Related
Published
2023-03-24T22:15:07.137Z
Modified
2026-03-14T11:57:46.165331Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A NULL pointer dereference was found in iofilebitmapget in iouring/filetable.c in the iouring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (filealloc_{start,end} and allochint) is not cleared. A subsequent request that has auto index selection enabled via IORINGFILEINDEXALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash.

References

Affected packages

Git /

Affected ranges

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1583.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "5.19"
            },
            {
                "fixed": "6.1.22"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "6.2.0"
            },
            {
                "fixed": "6.2.9"
            }
        ]
    }
]