CVE-2022-4696
CVSS V2 None
CVSS V3 None
Description
There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above
Overview
- CVE ID
- CVE-2022-4696
- Assigner
- cve-coordination@google.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-01-11T13:15:09
- Last Modified Date
- 2023-01-19T13:24:23
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:o:linux:linux_kernel:5.7:rc1:*:*:*:*:*:* | 1 | OR |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-4696 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4696 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-01-12 05:17:34 | Added to TrackCVE | |||
| 2023-01-12 05:17:35 | Weakness Enumeration | new | ||
| 2023-01-18 11:15:37 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
| 2023-01-19 14:12:34 | 2023-01-19T13:24:23 | CVE Modified Date | updated | |
| 2023-01-19 14:12:34 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
| 2023-01-19 14:12:35 | Weakness Enumeration | update | ||
| 2023-01-19 14:12:35 | CPE Information | updated |