CVE-2022-2585

CWE-416Use After Free11 documents7 sources
Severity
7.8HIGH
EPSS
0.4%
top 38.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
THE Linux Kernel Organization LinuxLinux Linux KernelCanonical Ubuntu Linux
Timeline
PublishedJan 8
Latest updateJan 9

Description

It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:HExploitability: 1.0 | Impact: 4.2

Affected Packages3 packages

NVDlinux/linux_kernel5.75.10.137+3
Debianlinux< 5.10.136-1+3

Also affects: Ubuntu Linux 20.04, 22.04

Patches

Patch: lore.kernel.orgPatch: lore.kernel.org

🔴Vulnerability Details

2
CVEList
CVE-2022-2585: It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free2024-01-08
OSV
CVE-2022-2585: It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free2024-01-08

📋Vendor Advisories

8
Microsoft
It was discovered that when exec'ing from a non-leader thread armed POSIX CPU timers would be left on a list but freed leading to a use-after-free.2024-01-09
Ubuntu
Kernel Live Patch Security Notice2022-08-24
Ubuntu
Linux kernel vulnerabilities2022-08-10
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2022-08-10
Ubuntu
Linux kernel vulnerabilities2022-08-10
CVE-2022-2585 (HIGH CVSS 7.8) | It was discovered that when exec'in | cvebase.io