CVE-2023-52654

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52654
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52654.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-52654
Published
2024-05-14T14:23:13Z
Modified
2025-09-18T17:01:35Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

io_uring/af_unix: disable sending io_uring over sockets

File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix would be to completely disallow sending io_uring files via sockets via SCM_RIGHT, so there are no possible cycles involving registered files and thus rendering SCM accounting on the io_uring side unnecessary.

References

Affected packages