CVE-2022-1976: Use After Free in Kernel

CWE-416: Use After Free | 6 documents | 6 sources
Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 86.50%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 31; Latest update Sep 1

Description

A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (10 packages)

Source | Package | Version
NVD | linux/linux_kernel | 5.17.3 5.18.6
Debian | linux/linux_kernel | < 5.18.14-1+2
CVEListV5 | linux/linux_kernel | kernel 5.19-rc1
debian | debian/linux | < linux 5.18.14-1 (bookworm)

Patches

🔴 Vulnerability Details (2)

GHSA (2022-09-01): GHSA-v7hc-jc7g-98g9: A flaw was found in the Linux kernel’s implementation of IO-URING
OSV (2022-08-31): CVE-2022-1976: A flaw was found in the Linux kernel’s implementation of IO-URING

📋 Vendor Advisories (3)

Microsoft (2022-08-09): A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw wit
Red Hat (2022-06-14): kernel: incorrect in-flight accounting in io_uring leads to use-after-free
Debian (2022): CVE-2022-1976: linux - A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw all...