---

CVE-2022-29582 - log back

CVE-2022-29582 edited at 13 May 2022 19:20:22
Severity	- Unknown + High
Remote	- Unknown + Local
Type	- Unknown + Sandbox escape
Description	- In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. + A use-after-free flaw was found in the Linux kernel’s io_uring interface subsystem in the way a user triggers a race condition between timeout flush and removal. This flaw allows a local user to crash or escalate their privileges on the system.

CVE-2022-29582 edited at 03 May 2022 22:00:34
Description	+ In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.
References	+ http://www.openwall.com/lists/oss-security/2022/04/22/4 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e677edbcabee849bfdd43f1602bccbecf736a646
Notes

CVE-2022-29582 created at 03 May 2022 21:48:44