Published: 23/12/2022 Updated: 04/01/2023

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 0

An issue exists in the Linux kernel 5.10.x prior to 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an malicious user to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

DescriptionThe MITRE CVE dictionary describes this issue as: An issue was discovered in the Linux kernel 510x before 510155 A use-after-free in io_sqpoll_wait_sq in fs/io_uringc allows an attacker to crash the kernel, resulting in denial of service finish_wait can be skipped An attack can occur in some situations by forking a process and th ...

use-after-free in io_sqpoll_wait_sq in fs/io_uringc allows an attacker to crash the kernel, resulting in denial of service ...

CWE-416 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.161&id=0f544353fec8e717d37724d95b92538e1de79e86 https://www.openwall.com/lists/oss-security/2022/12/22/2 http://www.openwall.com/lists/oss-security/2022/12/27/1 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2022-47946

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-47946

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect