CVE-2022-47946

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.

Se descubrió un problema en el kernel de Linux 5.10.x anterior a 5.10.155. Un use after free en io_sqpoll_wait_sq en fs/io_uring.c permite a un atacante bloquear el kernel, lo que resulta en denegación de servicio. Finish_wait se puede omitir. En algunas situaciones puede ocurrir un ataque al bifurcar un proceso y luego finalizarlo rápidamente. NOTA: las versiones posteriores del kernel, como la serie a largo plazo 5.15, cambiaron sustancialmente la implementación de io_sqpoll_wait_sq.

*Credits: N/A

CVSS Scores

NISTv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-12-23 CVE Reserved
2022-12-23 CVE Published
2024-08-03 CVE Updated
2024-08-03 First Exploit
2024-08-13 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-416: Use After Free

CAPEC

References (3)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2022/12/27/1	Mailing List

URL	Date	SRC
https://www.openwall.com/lists/oss-security/2022/12/22/2	2024-08-03

URL	Date	SRC
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.161&id=0f544353fec8e717d37724d95b92538e1de79e86	2023-01-04

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 5.10.155 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 5.10.155"		-		Affected