linux-kvm is vulnerable to denial of service. The vulnerability exists because the io_uring
poll does not properly handle POLLFREE
, allowing an attacker to crash the application through the use after free.
git://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2022-3176
git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit?h=linux-5.4.y&id=fc78b2fc21f10c4c9c4d5d659a685710ffa63659
kernel.dance/#fc78b2fc21f10c4c9c4d5d659a685710ffa63659
lists.debian.org/debian-lts-announce/2022/11/msg00001.html
security.netapp.com/advisory/ntap-20230216-0003/
www.debian.org/security/2022/dsa-5257