kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.
CPE | Name | Operator | Version |
---|---|---|---|
fedora | eq | 34 | |
fedora | eq | 35 | |
linux_kernel | ge | 5.16 | |
linux_kernel | lt | 5.16.5 | |
linux_kernel | ge | 5.14 | |
linux_kernel | lt | 5.15.19 |
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f9d87929d451d3e649699d0f1d74f71f77ad38f5
github.com/torvalds/linux/commit/f9d87929d451d3e649699d0f1d74f71f77ad38f5
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSR3AI2IQGRKZCHNKF6S25JGDKUEAWWL/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVSZKUJAZ2VN6LJ35J2B6YD6BOPQTU3B/
security.netapp.com/advisory/ntap-20220221-0001/
www.openwall.com/lists/oss-security/2022/01/29/1