CVE-2022-1786Type Confusion in Kernel

CWE-843Type ConfusionCWE-416Use After Free9 documents7 sources
Severity
7.8HIGHNVD
EPSS
1.2%
top 21.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux KernelDebian LinuxGoogle Android+3 more
Timeline
PublishedJun 2
Latest updateOct 1

Description

A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

debiandebian/linux< linux 5.14.6-1 (bookworm)
NVDlinux/linux_kernel5.105.12
Debianlinux/linux_kernel< 5.10.120-1+3
CVEListV5linux/linux_kernelkernel v5.10 and v5.11

🔴Vulnerability Details

4
OSV
CVE-2022-1786: In io_match_task of io_uring2022-10-01
OSV
CVE-2022-1786: In io_req_init_async there is a potential use after free due to a race condition2022-08-01
GHSA
GHSA-pqgc-jq8x-49xv: A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one2022-06-03
OSV
CVE-2022-1786: A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one2022-06-02

📋Vendor Advisories

4
Android
CVE-2022-1786: Filesystem (fs)2022-08-01
Red Hat
kernel: invalid-free in io_uring that can lead to LPE2022-05-24
Microsoft
A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This fla2022-05-10
Debian
CVE-2022-1786: linux - A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the ...2022