active/CVE-2022-2585


1
2
3
4
5
6
7
8
9
10
11
12
13
14

Description: Linux kernel POSIX CPU timer UAF
References:
 https://www.openwall.com/lists/oss-security/2022/08/09/7
 https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u
 https://www.openwall.com/lists/oss-security/2022/08/18/3
Notes:
 carnil> Fixed as well in 5.18.18 for 5.18.y and in 5.19.2 for 5.19.y.
Bugs:
upstream: released (6.0-rc1) [e362359ace6f87c201531872486ff295df306d13]
5.10-upstream-stable: needed
4.19-upstream-stable: N/A "Vulnerable code introduced later"
sid: released (5.18.16-1) [bugfix/all/posix-cpu-timers-Cleanup-CPU-timers-before-freeing-t.patch]
5.10-bullseye-security: released (5.10.136-1) [bugfix/all/posix-cpu-timers-Cleanup-CPU-timers-before-freeing-t.patch]
4.19-buster-security: N/A "Vulnerable code introduced later"