Lucene search

Redhat.comRH:CVE-2022-20153

HistoryDec 05, 2022 - 12:31 p.m.

CVE-2022-20153

2022-12-0512:31:23

redhat.com

access.redhat.com

linux kernel

io_uring

use-after-free

local user

privilege escalation

system crash

red hat

product security

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

A use-after-free flaw was found in the Linux kernel’s io_uring (in fs/io_uring.c) when improper locking happens. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Mitigation

Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

bugzilla.redhat.com/show_bug.cgi?id=2150845

github.com/torvalds/linux/commit/f70865db5ff35f5ed0c7e9ef63e7cca3d4947f04

nvd.nist.gov/vuln/detail/CVE-2022-20153

www.cve.org/CVERecord?id=CVE-2022-20153

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for RH:CVE-2022-20153