CVE-2022-3910

Name of the Vulnerable Software and Affected Versions Linux Kernel versions prior to 6.0

Description The issue is related to an improper update of reference count in io uring, leading to Use-After-Free and Local Privilege Escalation. When io msg ring is invoked with a fixed file, it calls io fput file(), which improperly decreases its reference count. Fixed files are permanently registered to the ring and should not be put separately.

Recommendations To resolve the issue, upgrade past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679. As a temporary workaround, consider disabling the io fput file() function until a patch is available. Restrict access to the vulnerable module io uring to minimize the risk of exploitation. Avoid using the io msg ring function with fixed files until the issue is resolved.