Lucene search
HistoryFeb 15, 2024 - 6:15 a.m.
CVE-2022-23090
cve-2022-23090
aio_aqueue
lio_listio
credential
reference count
use after free
nvd
The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case.
An attacker may cause the reference count to overflow, leading to a use after free (UAF).
CNA Affected
[
{
"defaultStatus": "unknown",
"modules": [
"kernel"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p1",
"status": "affected",
"version": "13.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "p12",
"status": "affected",
"version": "13.0-RELEASE",
"versionType": "release"
},
{
"lessThan": "p6",
"status": "affected",
"version": "12.3-RELEASE",
"versionType": "release"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2024-02-15 06:15:00
freebsd
freebsd
FreeBSD -- AIO credential reference count leak
2022-08-09 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-22:10.aio
2022-08-09 00:00:00
cvelist
cvelist
CVE-2022-23090 AIO credential reference count leak
2024-02-15 05:09:27
nvd
nvd
CVE-2022-23090
2024-02-15 06:15:45
nessus
nessus