path: root/retired/CVE-2022-2602
blob: ce5b755e46dc6aea6d4bf5922b4314429b8691e5
Description: io_uring/af_unix: defer registered files gc to io_uring release
References:
 https://www.openwall.com/lists/oss-security/2022/10/18/4
 https://www.openwall.com/lists/oss-security/2022/10/27/3
 https://blog.hacktivesecurity.com/index.php/2022/12/21/cve-2022-2602-dirtycred-file-exploitation-applied-on-an-io_uring-uaf/
Notes:
 carnil> For 6.0.y fixed in 6.0.3.
Bugs:
upstream: released (6.1-rc1) [0091bfc81741b8d3aeb3b7ab8636f911b2de6e80]
5.10-upstream-stable: released (5.10.150) [c378c479c5175833bb22ff71974cda47d7b05401]
4.19-upstream-stable: N/A "Vulnerable code not present"
sid: released (6.0.3-1)
5.10-bullseye-security: released (5.10.148-1) [bugfix/all/io_uring-af_unix-defer-registered-files-gc-to-io_uri.patch]
4.19-buster-security: N/A "Vulnerable code not present"
