Vulnerability Details: CVE-2022-29582
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.
Vulnerability category: Memory Corruption
Products affected by CVE-2022-29582
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-29582
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 6 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-29582
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C | 3.4 | 10.0 | NIST | |
7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 | NIST | |
CWE ids for CVE-2022-29582
- The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. Assigned by: nvd@nist.gov (Primary)
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-29582
- http://www.openwall.com/lists/oss-security/2022/04/22/4
  oss-security - Re: Linux: UaF due to concurrency issue in io_uring timeouts (Mailing List; Third Party Advisory)
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.3
  (Mailing List; Vendor Advisory)
- https://github.com/Ruia-ruia/CVE-2022-29582-Exploit
  GitHub - Ruia-ruia/CVE-2022-29582-Exploit: Exploit for CVE-2022-29582 targeting Google's Kernel CTF (Third Party Advisory)
- https://ruia-ruia.github.io/2022/08/05/CVE-2022-29582-io-uring/
  CVE-2022-29582 - Computer security and related topics (Exploit; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2024/04/24/3
  oss-security - CVE-2024-0582 - Linux kernel use-after-free vulnerability in io_uring, writeup and exploit strategy
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e677edbcabee849bfdd43f1602bccbecf736a646
  kernel/git/torvalds/linux.git - Linux kernel source tree (Mailing List; Patch; Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2022/08/08/3
  oss-security - Re: Linux: UaF due to concurrency issue in io_uring timeouts (Mailing List; Third Party Advisory)
- https://www.openwall.com/lists/oss-security/2022/04/22/3
  oss-security - Linux: UaF due to concurrency issue in io_uring timeouts (Mailing List; Third Party Advisory)
- https://github.com/torvalds/linux/commit/e677edbcabee849bfdd43f1602bccbecf736a646
  io_uring: fix race between timeout flush and removal · torvalds/linux@e677edb · GitHub (Patch; Third Party Advisory)
- https://www.debian.org/security/2022/dsa-5127
  Debian -- Security Information -- DSA-5127-1 linux (Third Party Advisory)