ubuntucve | Ubuntu.com | UB:CVE-2023-33250
May 21, 2023 - 12:00 a.m.

CVE-2023-33250

Tags: linux kernel, use-after-free, vulnerability, iopt_unmap_iova_range, iommu, root access

CVSS3: 4.4 Medium

  Attack Vector:          LOCAL
  Attack Complexity:      LOW
  Privileges Required:    HIGH
  User Interaction:       NONE
  Scope:                  UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact:       NONE
  Availability Impact:    HIGH

  CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score: 4.7 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 5.1%)

The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in
drivers/iommu/iommufd/io_pagetable.c.

Bugs

Notes

Priority reason: Exploiting this vulnerability requires access to /dev/iommu, which is limited to root

Author | Note
cascardo | vulnerability requires access to /dev/iommu, which is limited to root
