exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2022-2602

Status Candidate

Overview

io_uring UAF, Unix SCM garbage collection

Related Files

Linux Broken Unix GC Interaction Use-After-Free
Posted Jan 12, 2024
Authored by Jann Horn, Google Security Research

Linux suffers from an io_uring use-after-free vulnerability due to broken unix GC interaction.

tags | exploit
systems | linux, unix
advisories | CVE-2022-2602, CVE-2023-6531
SHA-256 | f69e0977a025727662a99855b4620c72daf61a181fc942af121b5a2aba667456
Ubuntu Security Notice USN-5752-1
Posted Dec 1, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5752-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-2602, CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722
SHA-256 | 05aa0cd46145a27b1c0c31ef2c85839a398ff8a121c80b0e6376868c17e8e519
Kernel Live Patch Security Notice LSN-0090-1
Posted Nov 21, 2022
Authored by Benjamin M. Romer

David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2022-1015, CVE-2022-2602, CVE-2022-41674, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722
SHA-256 | c8b54fe7071577436d5dc780fd7a8a538a0ac9493dd4e3362ddd475aa5896c8c
Ubuntu Security Notice USN-5700-1
Posted Oct 26, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5700-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-2602, CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722
SHA-256 | 0616f23cc8d31e59366551307b7cb748d2fd1d2a034df03ec9337c439f4db07f
Ubuntu Security Notice USN-5692-1
Posted Oct 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5692-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-2602, CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722
SHA-256 | 338493434a5be8c82f48711bc041582c907cf71deac0cac516932ba12962a7c5
Ubuntu Security Notice USN-5691-1
Posted Oct 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5691-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-2602, CVE-2022-41674, CVE-2022-42720, CVE-2022-42721
SHA-256 | b0d11c2875faf5dc0eba66e1a8fa7047568fc779aa888e03ead6fda5bf33cc46
Ubuntu Security Notice USN-5693-1
Posted Oct 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5693-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2022-2318, CVE-2022-2602, CVE-2022-2978, CVE-2022-3028, CVE-2022-40768, CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722
SHA-256 | b188fde6f7ada8ed2d80d51cefde2cc926159548905b92f8f3334d7b98c585e1
Debian Security Advisory 5257-1
Posted Oct 18, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5257-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2021-4037, CVE-2022-0171, CVE-2022-1184, CVE-2022-20421, CVE-2022-2602, CVE-2022-2663, CVE-2022-3061, CVE-2022-3176, CVE-2022-3303, CVE-2022-39188, CVE-2022-39842, CVE-2022-40307, CVE-2022-41674, CVE-2022-42719
SHA-256 | 385b8e712c28212598cf6de49f53f7eb2478d700f61c475c37b978c92ef570db
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close