Showing 1 - 8 of 8

CVE-2022-2602

Status Candidate

Overview

io_uring UAF, Unix SCM garbage collection

Linux Broken Unix GC Interaction Use-After-Free: Posted Jan 12, 2024; Authored by Jann Horn, Google Security Research; Linux suffers from an io_uring use-after-free vulnerability due to broken unix GC interaction.; tags | exploit; systems | linux, unix; advisories | CVE-2022-2602, CVE-2023-6531; SHA-256 | f69e0977a025727662a99855b4620c72daf61a181fc942af121b5a2aba667456; Download | Favorite | View

Ubuntu Security Notice USN-5752-1: Posted Dec 1, 2022; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5752-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.; tags | advisory, denial of service, overflow, arbitrary, kernel, local; systems | linux, ubuntu; advisories | CVE-2022-2602, CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722; SHA-256 | 05aa0cd46145a27b1c0c31ef2c85839a398ff8a121c80b0e6376868c17e8e519; Download | Favorite | View

Kernel Live Patch Security Notice LSN-0090-1: Posted Nov 21, 2022; Authored by Benjamin M. Romer; David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.; tags | advisory, denial of service, arbitrary, kernel, local; systems | linux; advisories | CVE-2022-1015, CVE-2022-2602, CVE-2022-41674, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722; SHA-256 | c8b54fe7071577436d5dc780fd7a8a538a0ac9493dd4e3362ddd475aa5896c8c; Download | Favorite | View

Ubuntu Security Notice USN-5700-1: Posted Oct 26, 2022; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5700-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.; tags | advisory, denial of service, overflow, arbitrary, kernel, local; systems | linux, ubuntu; advisories | CVE-2022-2602, CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722; SHA-256 | 0616f23cc8d31e59366551307b7cb748d2fd1d2a034df03ec9337c439f4db07f; Download | Favorite | View

Ubuntu Security Notice USN-5692-1: Posted Oct 20, 2022; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5692-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.; tags | advisory, denial of service, overflow, arbitrary, kernel, local; systems | linux, ubuntu; advisories | CVE-2022-2602, CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722; SHA-256 | 338493434a5be8c82f48711bc041582c907cf71deac0cac516932ba12962a7c5; Download | Favorite | View

Ubuntu Security Notice USN-5691-1: Posted Oct 20, 2022; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5691-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.; tags | advisory, denial of service, overflow, arbitrary, kernel, local; systems | linux, ubuntu; advisories | CVE-2022-2602, CVE-2022-41674, CVE-2022-42720, CVE-2022-42721; SHA-256 | b0d11c2875faf5dc0eba66e1a8fa7047568fc779aa888e03ead6fda5bf33cc46; Download | Favorite | View

Ubuntu Security Notice USN-5693-1: Posted Oct 20, 2022; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5693-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.; tags | advisory, denial of service, arbitrary, kernel, local, vulnerability, protocol; systems | linux, ubuntu; advisories | CVE-2022-2318, CVE-2022-2602, CVE-2022-2978, CVE-2022-3028, CVE-2022-40768, CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722; SHA-256 | b188fde6f7ada8ed2d80d51cefde2cc926159548905b92f8f3334d7b98c585e1; Download | Favorite | View

Debian Security Advisory 5257-1: Posted Oct 18, 2022; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5257-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.; tags | advisory, denial of service, kernel, vulnerability; systems | linux, debian; advisories | CVE-2021-4037, CVE-2022-0171, CVE-2022-1184, CVE-2022-20421, CVE-2022-2602, CVE-2022-2663, CVE-2022-3061, CVE-2022-3176, CVE-2022-3303, CVE-2022-39188, CVE-2022-39842, CVE-2022-40307, CVE-2022-41674, CVE-2022-42719; SHA-256 | 385b8e712c28212598cf6de49f53f7eb2478d700f61c475c37b978c92ef570db; Download | Favorite | View

Page 1 of 1 Back 1 Next