{"vulnerability": "CVE-2023-3389", "sightings": [{"uuid": "a7a0353c-ae4c-48ba-b9d2-380994f3fd56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33891", "type": "seen", "source": "https://t.me/cibsecurity/66511", "content": "\u203c CVE-2023-33891 \u203c\n\nIn telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T12:48:36.000000Z"}, {"uuid": "1e7592ef-350b-4e55-a43b-9a8053ae072f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33890", "type": "seen", "source": "https://t.me/cibsecurity/66482", "content": "\u203c CVE-2023-33890 \u203c\n\nIn telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T12:41:25.000000Z"}, {"uuid": "f2e02e8d-4e88-4083-beca-a2d765ec1aa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3389", "type": "seen", "source": "https://t.me/cibsecurity/65695", "content": "\u203c CVE-2023-3389 \u203c\n\nA use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.We recommend upgrading past commit 4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and\u00c2\u00a00e388fce7aec40992eadee654193cad345d62663 for 5.15 stable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-29T00:13:36.000000Z"}, {"uuid": "eb9ecbeb-88ec-4f4e-bb6b-74f15e89cb23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3389", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8992", "content": "#exploit\n1. CVE-2023-37895:\nApache Jackrabbit RMI RCE\nhttps://y4er.com/posts/cve-2023-37895-apache-jackrabbit-rmi-rce\n\n2. CVE-2023-3389:\nLinkedPoll - UaF in the Linux Kernel io_uring subsystem\nhttps://qyn.app/posts/CVE-2023-3389", "creation_timestamp": "2023-09-09T12:36:01.000000Z"}, {"uuid": "2eaee8af-a4f0-4d0a-9731-cc776b1ba296", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33892", "type": "seen", "source": "https://t.me/cibsecurity/66497", "content": "\u203c CVE-2023-33892 \u203c\n\nIn fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T12:41:47.000000Z"}, {"uuid": "bb3a14d6-ba69-44bb-98ab-ae9bc2468e61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33893", "type": "seen", "source": "https://t.me/cibsecurity/66494", "content": "\u203c CVE-2023-33893 \u203c\n\nIn fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T12:41:41.000000Z"}, {"uuid": "a4ee53d5-00f1-40e1-af6a-afb266be1cd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33899", "type": "seen", "source": "https://t.me/cibsecurity/66469", "content": "\u203c CVE-2023-33899 \u203c\n\nIn telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T12:35:31.000000Z"}, {"uuid": "c7adf115-ad3e-431b-8648-0c8e7cf6b639", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3389", "type": "seen", "source": "https://t.me/linkersec/224", "content": "CVE-2023-3389 - LinkedPoll\n\nQuerijn Voet published an article about exploiting a race condition causing a use-after-free in the io_uring subsystem.", "creation_timestamp": "2023-09-03T06:05:06.000000Z"}]}