Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2022-29968

Published: 02/05/2022 Updated: 07/11/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Linux

Vulnerability Summary

An issue exists in the Linux kernel up to and including 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

fedoraproject fedora 34

fedoraproject fedora 35

fedoraproject fedora 36

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h410s_firmware -

netapp h410c_firmware -

netapp solidfire \\& hci management node -

Vendor Advisories

Ubuntu Security Notice: USN-5471-1: Linux kernel (OEM) vulnerabilities
Several security issues were fixed in the Linux kernel ...
Red Hat:
An issue was discovered in the Linux kernel through 5175 io_rw_init_file in fs/io_uringc lacks initialization of kiocb->private ...

Github Repositories

https://github.com/jprx/CVE-2022-29968

Exploit PoC for CVE-2022-29968 by Joseph Ravichandran and Michael Wang

CVE-2022-29968 Proof-of-concept exploit for CVE-2022-29968 (uninitialized memory) in the Linux Kernel, specifically the io_uring system The crash was found with Syzkaller The crash was analyzed by Joseph Ravichandran and Michael Wang The exploit was written by Joseph Ravichandran We found & reported this bug as part of the final project for 6858 at MIT, Spring 2022

References

CWE-909https://github.com/torvalds/linux/commit/32452a3eb8b64e01e2be717f518c0be046975b9dhttps://security.netapp.com/advisory/ntap-20220715-0009/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XA7UZ3HS73KXVYCIKN5ZDH7LLLGPUMOZ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TLWTG3TWIMLNQEVTA3ZQYVLLU2AJM3DY/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU7MT7BPTA2NG24BTLZF5ZWYTLSO7BU3/https://ubuntu.com/security/notices/USN-5471-1https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook