Showing 1 - 4 of 4

CVE-2022-3910

Status Candidate

Overview

Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679

Related Files

Ubuntu Security Notice USN-5793-3: Posted Jan 11, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5793-3 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.; tags | advisory, denial of service, arbitrary, kernel, local; systems | linux, ubuntu; advisories | CVE-2022-20421, CVE-2022-2663, CVE-2022-3303, CVE-2022-3541, CVE-2022-3543, CVE-2022-3586, CVE-2022-3623, CVE-2022-3646, CVE-2022-3649, CVE-2022-3910, CVE-2022-3977, CVE-2022-40307, CVE-2022-4095, CVE-2022-41849; SHA-256 | de87ce493d82fd0359247a8cad970c787d81d4e8273265a324e13a768ef64e55; Download | Favorite | View

Ubuntu Security Notice USN-5793-4: Posted Jan 11, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5793-4 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.; tags | advisory, denial of service, arbitrary, kernel, local; systems | linux, ubuntu; advisories | CVE-2022-20421, CVE-2022-2663, CVE-2022-3303, CVE-2022-3541, CVE-2022-3543, CVE-2022-3586, CVE-2022-3623, CVE-2022-3646, CVE-2022-3649, CVE-2022-3910, CVE-2022-3977, CVE-2022-40307, CVE-2022-4095, CVE-2022-41849; SHA-256 | 2c32e72ace00f2afbe7c74ffcd43d9f0c6bdd99ce3882f8881790ea8ad77c31c; Download | Favorite | View

Ubuntu Security Notice USN-5793-2: Posted Jan 10, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5793-2 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.; tags | advisory, denial of service, arbitrary, kernel, local; systems | linux, ubuntu; advisories | CVE-2022-20421, CVE-2022-2663, CVE-2022-3303, CVE-2022-3541, CVE-2022-3543, CVE-2022-3586, CVE-2022-3623, CVE-2022-3646, CVE-2022-3649, CVE-2022-3910, CVE-2022-3977, CVE-2022-40307, CVE-2022-4095, CVE-2022-41849; SHA-256 | d675040336f5a36e7ca116ff8ee729cb2ab25769ff6dae5749e51445e04f8c2c; Download | Favorite | View

Ubuntu Security Notice USN-5793-1: Posted Jan 9, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5793-1 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.; tags | advisory, denial of service, arbitrary, kernel, local; systems | linux, ubuntu; advisories | CVE-2022-20421, CVE-2022-2663, CVE-2022-3303, CVE-2022-3541, CVE-2022-3543, CVE-2022-3586, CVE-2022-3623, CVE-2022-3646, CVE-2022-3649, CVE-2022-3910, CVE-2022-3977, CVE-2022-40307, CVE-2022-4095, CVE-2022-41849; SHA-256 | 91ba98c3c9637a1d31736093e5bfd37579c41aaa5e5abbbbc4396e2e20bfe7e1; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 234 files
indoushka 93 files
Ubuntu 87 files
Gentoo 36 files
Jasper Nota 25 files
Debian 21 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,099)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,756)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,521)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,747)
UNIX (9,436)
UnixWare (187)
Windows (6,674)
Other

CVE-2022-3910

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems