CVE-2022-2602

MEDIUM

io_uring - Use After Free

Title source: llm

Description

io_uring UAF, Unix SCM garbage collection

Exploits (3)

nomisec WORKING POC 86 stars

by kiks7 · poc

https://github.com/kiks7/CVE-2022-2602-Kernel-Exploit

View Code ZIP pw:eip

nomisec WORKING POC 86 stars

by LukeGix · poc

https://github.com/LukeGix/CVE-2022-2602

View Code ZIP pw:eip

nomisec STUB 1 stars

by th3-5had0w · poc

https://github.com/th3-5had0w/CVE-2022-2602-Study

View Code ZIP pw:eip

References (7)

Core 7

Core References

Third Party Advisory third-party-advisory

https://ubuntu.com/security/notices/USN-5692-1

Third Party Advisory third-party-advisory

https://ubuntu.com/security/notices/USN-5752-1

Third Party Advisory third-party-advisory

https://ubuntu.com/security/notices/USN-5693-1

Third Party Advisory issue-tracking

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602

Third Party Advisory third-party-advisory

https://ubuntu.com/security/notices/USN-5691-1

Third Party Advisory third-party-advisory

https://ubuntu.com/security/notices/USN-5700-1

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/176533/Linux-Broken-Unix-GC-Interaction-Use-After-Free.html

Scores

CVSS v3 5.3

EPSS 0.0132

EPSS Percentile 80.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (5)

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 20.04

canonical/ubuntu_linux 22.04

canonical/ubuntu_linux 22.10

linux/linux_kernel < 6.0.19

Published Jan 08, 2024

Tracked Since Feb 18, 2026