Lucene search

K

[email protected]NVD:CVE-2022-23090

HistoryFeb 15, 2024 - 6:15 a.m.

CVE-2022-23090

2024-02-1506:15:45

CWE-416

[email protected]

web.nvd.nist.gov

4

aio_aqueue

lio_listio

credential reference

use after free

AI Score

6.5

Confidence

High

EPSS

0

Percentile

9.0%

The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case.

An attacker may cause the reference count to overflow, leading to a use after free (UAF).

References

security.freebsd.org/advisories/FreeBSD-SA-22:10.aio.asc

security.netapp.com/advisory/ntap-20240415-0007/

AI Score

6.5

Confidence

High

EPSS

0

Percentile

9.0%

Related for NVD:CVE-2022-23090

freebsd1 prion1 freebsd_advisory1 vulnrichment1 cvelist1 cve1 nessus1