Home

CVE-2022-1786

Description

A use-after-free flaw was found in the Linux kernels io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.014

Associated Vulnerability

VulnerabilityOS Platform
Kernel-uek update (ELSA-2022-9479) kernel-uek-5.4.17-2136.308.7.el8uek.x86_64.rpmLinux
Kernel-uek-debug update (ELSA-2022-9479) kernel-uek-debug-5.4.17-2136.308.7.el8uek.x86_64.rpmLinux
Kernel-uek-debug-devel update (ELSA-2022-9479) kernel-uek-debug-devel-5.4.17-2136.308.7.el8uek.x86_64.rpmLinux
Kernel-uek-devel update (ELSA-2022-9479) kernel-uek-devel-5.4.17-2136.308.7.el8uek.x86_64.rpmLinux
Kernel-uek-doc update (ELSA-2022-9479) kernel-uek-doc-5.4.17-2136.308.7.el8uek.noarch.rpmLinux
Kernel-uek-container update (ELSA-2022-9480) kernel-uek-container-5.4.17-2136.308.7.el8.x86_64.rpmLinux
Kernel-uek-container-debug update (ELSA-2022-9480) kernel-uek-container-debug-5.4.17-2136.308.7.el8.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234