CVE-2022-2585
MEDIUMLinux Kernel 5.7-5.10.137 - Use-After-Free in POSIX CPU Timer Handling
Title source: llmDescription
It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.
References (7)
Core 7
Core References
Third Party Advisory third-party-advisory
https://ubuntu.com/security/notices/USN-5566-1
Third Party Advisory third-party-advisory
https://ubuntu.com/security/notices/USN-5564-1
Third Party Advisory issue-tracking
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585
Third Party Advisory third-party-advisory
https://ubuntu.com/security/notices/USN-5567-1
Mailing List, Patch issue-tracking
https://lore.kernel.org/lkml/[email protected]/T/#u
Mailing List issue-tracking
https://www.openwall.com/lists/oss-security/2022/08/09/7
Third Party Advisory third-party-advisory
https://ubuntu.com/security/notices/USN-5565-1
Scores
CVSS v3
5.3
EPSS
0.0041
EPSS Percentile
61.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-416
Status
published
Products (3)
canonical/ubuntu_linux
20.04
canonical/ubuntu_linux
22.04
linux/linux_kernel
5.7 - 5.10.137
Published
Jan 08, 2024
Tracked Since
Feb 18, 2026