CVE-2022-2209
published 2022-07-23CVE-2022-2209: io_uring uses work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when…
io_uring uses work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. The mapping of flags is incomplete, which leads to multiple incorrect reference counts and hence use-after-free. We recommend upgrading past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| platform | frameworks_av | >= 10:0 < 10:2022-11-01 | 10:2022-11-01 |
| platform | frameworks_av | >= 11:0 < 11:2022-11-01 | 11:2022-11-01 |
| platform | frameworks_av | >= 12:0 < 12:2022-11-01 | 12:2022-11-01 |
| platform | frameworks_av | >= 12L:0 < 12L:2022-11-01 | 12L:2022-11-01 |
| platform | frameworks_av | >= 13:0 < 13:2022-11-01 | 13:2022-11-01 |