Vulnerability Name: | CVE-2022-2602 (CCN-239588) | ||||||||||||||||
Assigned: | 2022-11-03 | ||||||||||||||||
Published: | 2022-11-03 | ||||||||||||||||
Updated: | 2022-11-03 | ||||||||||||||||
Summary: | Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw when an io_uring request is being processed. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. | ||||||||||||||||
CVSS v3 Severity: | 7.0 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||
CVSS v2 Severity: | 6.0 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)
| ||||||||||||||||
Vulnerability Consequences: | Gain Privilege | ||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2022-2602 Source: CCN Type: Red Hat Bugzilla - Bug 2139586 CVE-2022-2602 kernel: use-after-free when an io_uring request is being processed Source: XF Type: UNKNOWN linux-kernel-cve20222602-priv-esc(239588) Source: CCN Type: Linux Kernel GIT Repository io_uring/af_unix: defer registered files gc to io_uring release Source: CCN Type: Packet Storm Security [11-21-2022] Kernel Live Patch Security Notice LSN-0090-1 Source: CCN Type: ZDI-22-1462 (Pwn2Own) Linux Kernel io_uring Improper Update of Reference Count Privilege Escalation Vulnerability | ||||||||||||||||
Vulnerable Configuration: | Configuration CCN 1:![]() | ||||||||||||||||
Oval Definitions | |||||||||||||||||
| |||||||||||||||||
BACK |