kernel CVE-2023-46862

Moderate

jpculp published GHSA-48f3-q58c-pxv5

Jan 18, 2024

Package

kernel-5.10 (bottlerocket)

Affected versions

< 1.18.0

Patched versions

1.18.0

kernel-5.15 (bottlerocket)

< 1.18.0

1.18.0

Description

A race condition in the Linux kernel's io_uring subsystem can cause a null pointer dereference.

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Local

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H