Vulnerabilities > CVE-2022-3910 - Unspecified vulnerability in Linux Kernel

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

linux

NVD

Published: 2022-11-22

Updated: 2023-11-07

Summary

Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 6.0 Linux Linux Kernel 5.18 Linux Linux Kernel 5.18.1 Linux Linux Kernel 5.18.2 Linux Linux Kernel 5.18.3 Linux Linux Kernel 5.18.4 Linux Linux Kernel 5.18.5 Linux Linux Kernel 5.18.6 Linux Linux Kernel 5.18.7 Linux Linux Kernel 5.18.8 Linux Linux Kernel 5.18.9 Linux Linux Kernel 5.18.10 Linux Linux Kernel 5.18.11 Linux Linux Kernel 5.18.12 Linux Linux Kernel 5.18.13 Linux Linux Kernel 5.18.14 Linux Linux Kernel 5.18.15 Linux Linux Kernel 5.18.16 Linux Linux Kernel 5.18.17 Linux Linux Kernel 5.18.18 Linux Linux Kernel 5.18.19 Linux Linux Kernel 5.19 Linux Linux Kernel 5.19.1 Linux Linux Kernel 5.19.2 Linux Linux Kernel 5.19.3 Linux Linux Kernel 5.19.4 Linux Linux Kernel 5.19.5 Linux Linux Kernel 5.19.6 Linux Linux Kernel 5.19.7 Linux Linux Kernel 5.19.8 Linux Linux Kernel 5.19.9 Linux Linux Kernel 5.19.10	52

Summary

Vulnerable Configurations

References