Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-3910

Published: 22/11/2022 Updated: 07/11/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Linux Kernel

Vulnerability Summary

Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel 6.0

linux linux kernel

Vendor Advisories

Ubuntu Security Notice: USN-5793-3: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5793-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5793-2: Linux kernel (Azure) vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5793-4: Linux kernel (IBM) vulnerabilities
Several security issues were fixed in the Linux kernel ...
Red Hat:
DescriptionThe MITRE CVE dictionary describes this issue as: Use After Free vulnerability in Linux Kernel allows Privilege Escalation An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its refer ...
Arch Linux Issues:
Severity Unknown Remote Unknown Type Unknown Description AVG-2837 linux 6012-1 62-1 High Unknown AVG-2836 linux-zen 6012-1 62-1 High Unknown ...

References

NVD-CWE-Otherhttps://kernel.dance/#fc7222c3a9f56271fba02aabbfbae999042f1679https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679https://nvd.nist.govhttps://ubuntu.com/security/notices/USN-5793-3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook