Bug 1212836 (CVE-2023-1295)

Summary: VUL-0: CVE-2023-1295: kernel-source,kernel-source-rt,kernel-source-azure: TOCTOU vulnerability in io_uring in IORING_OP_CLOSE operation
Product: [Novell Products] SUSE Security Incidents
Reporter: Thomas Leroy <thomas.leroy>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: gabriel.bertazi, meissner, security-team, vasant.karasulli
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/370718/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Thomas Leroy 2023-06-29 06:46:06 UTC
CVE-2023-1295

A time-of-check to time-of-use issue exists in io_uring subsystem's
IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive),
which allows a local user to elevate their privileges to root. Introduced in
b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in
9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in
788d0824269bef539fe31a785b1517882eafed93.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1295
https://bugzilla.redhat.com/show_bug.cgi?id=2218350
https://www.cve.org/CVERecord?id=CVE-2023-1295
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=788d0824269bef539fe31a785b1517882eafed93
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9eac1904d3364254d622bf2c771c4f85cd435fc2
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb
https://kernel.dance/788d0824269bef539fe31a785b1517882eafed93
https://kernel.dance/9eac1904d3364254d622bf2c771c4f85cd435fc2

Comment 1 Thomas Leroy 2023-06-29 06:47:33 UTC
Both the commit introducing the bug and the fixing commit are on the stable and SLE15-SP4 branches only. Nothing to do except adding the CVE to the changelog.

Comment 3 Marcus Meissner 2023-07-03 07:37:11 UTC
Was not backported to older kernels before 5.6, and is not in 5.14-based kernels.

So no SLES affected.