CVE-2022-2327

HIGH

Linux Kernel - Use After Free

Title source: llm

Description

io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859

References (3)

[Mailing List, Patch, Vendor Advisory] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=df3f3bb5059d20ef094d6b2f0256c4bf4127a859

[Patch, Third Party Advisory] https://kernel.dance/#df3f3bb5059d20ef094d6b2f0256c4bf4127a859

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20230203-0009/

Scores

CVSS v3 7.5

EPSS 0.0003

EPSS Percentile 8.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Classification

CWE

CWE-415 CWE-416

Status published

Affected Products (1)

linux/linux_kernel

Timeline

Published Jul 22, 2022

Tracked Since Feb 18, 2026