CVE-2022-3910: Use After Free in Kernel

Severity: 7.8 HIGH (NVD)
EPSS: 0.6% (top 29.46%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 22; Latest update Feb 26

Description

Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (6 packages)

NVD | linux/linux_kernel | 5.18 | 5.19.11
Debian | linux/linux_kernel | < 5.19.11-1
CVEListV5 | linux/linux_kernel | 5.18.0 | 5.19.10
debian | debian/linux | < linux 5.19.11-1 (bookworm)

Patches

🔴 Vulnerability Details (2)

OSV: CVE-2022-3910: Use After Free vulnerability in Linux Kernel allows Privilege Escalation (2022-11-22)
GHSA: GHSA-25w9-jc8c-rx9w: Use After Free vulnerability in Linux Kernel allows Privilege Escalation (2022-11-22)

📋 Vendor Advisories (8)

Red Hat: kernel: bpf: Fix a btf decl_tag bug when tagging a function (2025-02-26)
Ubuntu: Linux kernel (IBM) vulnerabilities (2023-01-10)
Ubuntu: Linux kernel vulnerabilities (2023-01-10)
Ubuntu: Linux kernel (Azure) vulnerabilities (2023-01-09)
Ubuntu: Linux kernel vulnerabilities (2023-01-06)