Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-20153

Опубликовано: 23 мар. 2022
Источник: redhat
CVSS3: 6.7

Описание

In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222091980References: Upstream kernel

A use-after-free flaw was found in the Linux kernel’s io_uring (in fs/io_uring.c) when improper locking happens. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Отчет

At this time, no Red Hat Enterprise Linux products ship with support for this feature. There is an outstanding feature request for io_uring to be included with Red Hat Enterprise Linux 9.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelAffected
Red Hat Enterprise Linux 9kernel-rtAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2150845kernel: possible use-after-free due to improper locking in rcu_cblist_dequeue of rcu_segcblist.c

6.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-20153

CVSS3: 6.7
ubuntu
больше 3 лет назад

In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222091980References: Upstream kernel

nvd логотип

CVE-2022-20153

CVSS3: 6.7
nvd
больше 3 лет назад

In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222091980References: Upstream kernel

debian логотип

CVE-2022-20153

CVSS3: 6.7
debian
больше 3 лет назад

In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-afte ...

github логотип

GHSA-v8wc-wjww-427g

CVSS3: 6.7
github
больше 3 лет назад

In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222091980References: Upstream kernel

fstec логотип

BDU:2024-04165

CVSS3: 6.7
fstec
почти 5 лет назад

Уязвимость функции rcu_cblist_dequeue в модуле rcu_segcblist.c ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии

6.7 Medium

CVSS3