PT-2021-7582 · Linux+2 · Linux Kernel+2

Gengjia Chen +1 · Published 2021-03-03 · Updated 2023-01-20 · CVE-2022-47946

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 5.10.x through 5.10.154

Description

The issue is related to a use-after-free in the io_sqpoll_wait_sq function in fs/io_uring.c, which allows an attacker to crash the kernel, resulting in denial of service. The finish_wait function can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it.

Recommendations

For Linux kernel versions 5.10.x through 5.10.154, update to a version after 5.10.155 to resolve the issue. As a temporary workaround, consider restricting the use of the io_sqpoll_wait_sq function in fs/io_uring.c to minimize the risk of exploitation. Avoid forking and quickly terminating processes to reduce the likelihood of an attack.

Exploit

Fix

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1447
ALT-PU-2021-1525
ALT-PU-2021-1869
ALT-PU-2021-1888
ALT-PU-2021-1896
ALT-PU-2022-1240
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2022-3180
ALT-PU-2022-3206
ALT-PU-2022-3226
ALT-PU-2022-3285
ALT-PU-2022-3310
ALT-PU-2022-3311
BDU:2023-00159
CVE-2022-47946
OESA-2023-1038
OESA-2023-1039

Affected Products

Alt Linux
Astra Linux
Linux Kernel