CVE-2022-1976
HIGHLinux Kernel 5.17.3-5.18.5 - Use-After-Free in IO-URING
Title source: llmDescription
A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation.
References (2)
Core 2
Core References
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2092549
Vendor Advisory
https://security.netapp.com/advisory/ntap-20230214-0005/
Scores
CVSS v3
7.8
EPSS
0.0023
EPSS Percentile
13.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (1)
linux/linux_kernel
5.17.3 - 5.18.6
Published
Aug 31, 2022
Tracked Since
Feb 18, 2026