CVE-2022-23090

Name of the Vulnerable Software and Affected Versions FreeBSD versions 11.0 through 13.0

Description The issue is related to the aio aqueue function used by the lio listio system call, which fails to release a reference to a credential in an error case. This can lead to a reference count overflow, resulting in a use after free (UAF) condition. An attacker may exploit this to execute arbitrary code. The estimated number of potentially affected devices is not specified.

Recommendations For FreeBSD versions 11.0 through 13.0, update to a version that includes the fix for the aio aqueue function reference count issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.