6.7
CVSSv3

CVE-2022-2588

Vulnerability Summary

It exists that the implementation of POSIX timers in the Linux kernel did not properly clean up timers in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2585) ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vendor Advisories

Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
A use-after-free flaw was found in route4_change in the net/sched/cls_routec filter implementation in the Linux kernel This flaw allows a local, privileged attacker to crash the system, possibly leading to a local privilege escalation issueA use-after-free flaw was found in route4_change in the net/sched/cls_routec filter implementation in the ...
Synopsis Important: Red Hat Virtualization security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for redhat-release-virtualization-host, redhat-virtualization-host, and redhat-virtualization-host-produ ...
Several security issues were fixed in the Linux kernel ...
An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function This flaw allows a local user to crash the system or read unauthorized random data from memory ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2022-2585 A use-after-free flaw in the implementation of POSIX CPU timers may result in denial of service or in local privilege escalation CVE-2022-2586 A use-after-free in the Netfilter ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages This flaw allows a local user to crash or potentially escalate their privileges on the system (CVE-2022-1679) A flaw was found in the Linux kernel's KVM when attempt ...

Github Repositories

CVE-2022-2588 - Linux kernel cls_route UAF It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0 Zhenpeng Lin working with Trend Micro's Zero Day Initiative discovered that this vulnerability could be exploited for Local Privilege Escalation This has

DirtyCred Demo CVE-2021-4154 CVE-2022-2588 to be coming