Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation.
When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately.
We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679
References
Link | Resource |
---|---|
https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 | Patch Third Party Advisory |
https://kernel.dance/#fc7222c3a9f56271fba02aabbfbae999042f1679 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:51
Type | Values Removed | Values Added |
---|---|---|
Summary | Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 |
27 Jun 2023, 19:29
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
23 Nov 2022, 19:48
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CWE | CWE-416 | |
References | (MISC) https://kernel.dance/#fc7222c3a9f56271fba02aabbfbae999042f1679 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 - Patch, Third Party Advisory | |
CPE | cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.0:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.0:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:* |
|
First Time |
Linux
Linux linux Kernel |
22 Nov 2022, 13:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-22 13:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-3910
Mitre link : CVE-2022-3910
CVE.ORG link : CVE-2022-3910
JSON object : View
Products Affected
linux
- linux_kernel
CWE