« List of all CVEs

CVE-2023-0160

Possibility of deadlock in libbpf function sock_hash_delete_elem

Published: 7/18/2023 Last updated: 9/26/2024 Reserved: 1/10/2023

A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	4.7	Medium	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (9)

Product	Vendor	Version
Fedora	Fedora	< ec3f04f74f50d0b6bac04d795c93c2b852753a7a
Red Hat Enterprise Linux 6	Red Hat	<= 6.0.*
Red Hat Enterprise Linux 7	Red Hat	<= *
Red Hat Enterprise Linux 8	Red Hat	< c482cb0deb57924335103fe592c379a076d867f8
Red Hat Enterprise Linux 9	Red Hat	< 440afd7fd9b164fdde6fc9da8c47d3d7f20dcce8
Red Hat Enterprise Linux 8	Red Hat	< 80fad2e53eaed2b3a2ff596575f65669e13ceda5
Red Hat Enterprise Linux 7	Red Hat	< 3b4676f274a6b5d001176f15d0542100bbf4b59a
Red Hat Enterprise Linux 9	Red Hat	< 88fa351b20ca300693a206ccd3c4b0e0647944d8
kernel	n/a	<= 5.19.*

References (16)

Credits (2)

Red Hat would like to thank Hsin-Wei Hung (University of California, Irvine) for reporting this issue.
Red Hat would like to thank Hsin-Wei Hung (University of California, Irvine) for reporting this issue.