CVE-2022-1116

Related Files

Kernel Live Patch Security Notice LSN-0086-1

Posted Jun 3, 2022

Authored by Benjamin M. Romer

It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local

systems | linux

advisories | CVE-2021-39713, CVE-2022-0492, CVE-2022-1055, CVE-2022-1116, CVE-2022-21499, CVE-2022-29581, CVE-2022-30594

SHA-256 | d764344ffd074691e5125e0c7ecb9972329d587b004cdad9acfe1fafabfb0253

Download | Favorite | View

Ubuntu Security Notice USN-5442-2

Posted Jun 1, 2022

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5442-2 - Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux kernel contained in integer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local

systems | linux, ubuntu

advisories | CVE-2022-1116, CVE-2022-29581, CVE-2022-30594

SHA-256 | 5632e668ad026b3cc2fecc2e4439dd6df764ced86921dd64641d8fd7bcfcf72c

Download | Favorite | View