Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-1043 — Use After Free in Kernel

CWE-416 — Use After Free7 documents7 sources

Severity

8.8HIGHNVD

EPSS

22.8%

top 4.11%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Linux Kernel Debian Linux Msrc CBL Mariner 1.0 ARM +2 more

Timeline

PublishedAug 29

Description

A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages7 packages

▶debiandebian/linux< linux 5.14.6-1 (bookworm)

▶NVDlinux/linux_kernel5.10.51 — 5.10.61+1

▶Debianlinux/linux_kernel< 5.10.70-1+3

▶CVEListV5linux/linux_kernelFixed in kernel v5.14 rc7

▶msrcmsrc/cbl_mariner_1.0_arm

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2022-1043: A flaw was found in the Linux kernel’s io_uring implementation↗2022-08-29

▶

GHSA

GHSA-p45p-x269-vq43: A flaw was found in the Linux kernel’s io_uring implementation↗2022-08-29

▶

💥Exploits & PoCs

Metasploit

io_uring Same Type Object Reuse Priv Esc↗

▶

📋Vendor Advisories

Microsoft

A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory crash the system or escalate privileges.↗2022-08-09

▶

Red Hat

kernel: Linux Kernel io_uring Use-After-Free Privilege Escalation Vulnerability↗2022-02-16

▶

Debian

CVE-2022-1043: linux - A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows...↗2022

▶