PT-2021-1528 · Linux · Linux Kernel
Published 2021-02-21 · Updated 2023-05-17
CVE-2022-4696 · CVSS v3.1: 7.8 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.10.160
Description
The issue is a use-after-free vulnerability in the Linux kernel's io_uring subsystem, reachable through the IORING_OP_SPLICE operation. IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation will not use current->nsproxy, so the nsproxy reference counter is not increased. This assumption does not always hold: calling io_splice on specific files reaches the get_uts function, which does use current->nsproxy, so the reference counter is later decreased without a matching increase, causing the use-after-free.
Recommendations
To resolve the issue, upgrade to version 5.10.160 or above. As a temporary workaround, consider restricting access to the io_uring subsystem and the IORING_OP_SPLICE operation to minimize the risk of exploitation. Avoid using the IO_WQ_WORK_FILES flag in the IORING_OP_SPLICE operation until the issue is resolved.
Exploit
Fix
Vulnerability Type
Use After Free
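A version check for the upgrade recommendation above, written as an added example that is not part of the PT-2021-1528 advisory. It compares a kernel release string against the fixed version 5.10.160 named in the advisory; the helper names and the FIXED_VERSION variable are this example's own, and it assumes a mainline-style "MAJOR.MINOR.PATCH[-suffix]" release string such as `uname -r` prints.

```shell
#!/bin/sh
# Added example (not part of the PT-2021-1528 advisory): compare a kernel
# release string against the fixed version the advisory names (5.10.160).
# Assumes a mainline-style version string "MAJOR.MINOR.PATCH[-suffix]".

FIXED_VERSION="5.10.160"

# Strip distro suffixes ("5.10.120-1-amd64" -> "5.10.120") and keep only the
# numeric part so that sort -V compares like with like.
kernel_base_version() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+\.[0-9]+(\.[0-9]+)?).*/\1/'
}

# Returns 0 (true) if the given release is at or above FIXED_VERSION,
# 1 otherwise.
kernel_has_fix() {
    ver=$(kernel_base_version "$1")
    # After a version sort the first line is the older release; if that is
    # FIXED_VERSION itself, the candidate is equal to it or newer.
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VERSION" ]
}

# Report on the kernel that is actually running on this host.
report_running_kernel() {
    running=$(uname -r)
    if kernel_has_fix "$running"; then
        echo "kernel $running: at or above $FIXED_VERSION for CVE-2022-4696"
    else
        echo "kernel $running: below $FIXED_VERSION; check for a vendor backport of the fix"
    fi
}
```

Distribution kernels (the Alt Linux and Astra Linux products listed below among them) often backport fixes without raising the upstream version number, so a result below 5.10.160 means "check the vendor changelog", not "confirmed vulnerable", and a result at or above it only covers the mainline fix for this CVE.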
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linux Kernel