CVE-2022-29582
Summary
| CVE | CVE-2022-29582 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-04-22 16:15:00 UTC |
|---|
| Updated | 2023-08-08 14:21:00 UTC |
|---|
| Description | In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| GitHub - Ruia-ruia/CVE-2022-29582-Exploit: Exploit for CVE-2022-29582 targeting Google's Kernel CTF |
MISC |
github.com |
|
| Debian -- Security Information -- DSA-5127-1 linux |
DEBIAN |
www.debian.org |
|
| oss-security - Re: Linux: UaF due to concurrency issue in io_uring
timeouts |
MLIST |
www.openwall.com |
|
| kernel/git/torvalds/linux.git - Linux kernel source tree |
MISC |
git.kernel.org |
|
| cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.3 |
MISC |
cdn.kernel.org |
|
| oss-security - Linux: UaF due to concurrency issue in io_uring timeouts |
MISC |
www.openwall.com |
|
| CVE-2022-29582 - Computer security and related topics |
MISC |
ruia-ruia.github.io |
|
| io_uring: fix race between timeout flush and removal · torvalds/linux@e677edb · GitHub |
MISC |
github.com |
|
| oss-security - Re: Linux: UaF due to concurrency issue in io_uring timeouts |
MLIST |
www.openwall.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 179258 Debian Security Update for linux (DSA 5127-1)
- 184513 Debian Security Update for linux (CVE-2022-29582)
- 353964 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.15-2022-001
- 354327 Amazon Linux Security Advisory for kernel : ALAS2022-2022-083
- 354407 Amazon Linux Security Advisory for kernel-livepatch : ALAS2022-2022-101
- 354468 Amazon Linux Security Advisory for kernel : ALAS2022-2022-185
- 354542 Amazon Linux Security Advisory for kernel : ALAS-2022-185
- 355199 Amazon Linux Security Advisory for kernel : ALAS2023-2023-070
- 355563 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2023-036
- 355565 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.15-2023-023
- 376925 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0125)
- 610429 Google Android Devices September 2022 Security Patch Missing
- 610438 Google Android October 2022 Security Patch Missing for Samsung
- 6140283 AWS Bottlerocket Security Update for kernel (GHSA-c8fm-mqg3-x5j8)
- 671975 EulerOS Security Update for kernel (EulerOS-SA-2022-2159)
- 752370 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2520-1)
- 753148 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2615-1)
- 901291 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9620)
- 901857 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9582)
- 902008 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9620-1)
- 902106 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9582-1)
- 906176 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9620-2)
- 906402 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9582-2)
