Vulnerability Details : CVE-2022-3910
Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679
Vulnerability category: Memory CorruptionGain privilege
Exploit prediction scoring system (EPSS) score for CVE-2022-3910
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 7 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-3910
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
cve-coordination@google.com |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
nvd@nist.gov |
CWE ids for CVE-2022-3910
-
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.Assigned by:
- cve-coordination@google.com (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2022-3910
-
https://kernel.dance/#fc7222c3a9f56271fba02aabbfbae999042f1679
🐧🕺Patch;Third Party Advisory
-
https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679
io_uring/msg_ring: check file type before putting · torvalds/linux@fc7222c · GitHubPatch;Third Party Advisory
Products affected by CVE-2022-3910
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.0:rc5:*:*:*:*:*:*