CVE-2022-2327 Use-after-free in io_uring ad work_flags in Linux Kernel

2022-07-2200:00:00

CWE-416

Google

www.cve.org

cve-2022-2327

use-after-free

io_uring

work_flags

linux kernel

reference counts

double free

kernel upgrade

df3f3bb5059d20ef094d6b2f0256c4bf4127a859

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

AI Score

7.7

Confidence

High

EPSS

Percentile

12.6%

JSON

io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859

CNA Affected

[
  {
    "vendor": "Linux Kernel",
    "product": "Linux Kernel",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "df3f3bb5059d20ef094d6b2f0256c4bf4127a859",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]