Bug 2078456 (CVE-2022-29582) - CVE-2022-29582 kernel: Race condition that allows container escape to system root
Summary: CVE-2022-29582 kernel: Race condition that allows container escape to system ...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-29582
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2078476
Blocks: 2078145
TreeView+ depends on / blocked
 
Reported: 2022-04-25 11:36 UTC by Alex
Modified: 2022-10-03 16:08 UTC (History)
48 users (show)

Fixed In Version: kernel 5.18 rc2
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in the Linux kernel’s io_uring interface subsystem in the way a user triggers a race condition between timeout flush and removal. This flaw allows a local user to crash or escalate their privileges on the system.
Clone Of:
Environment:
Last Closed: 2022-04-25 20:46:00 UTC
Embargoed:

Attachments (Terms of Use)

Description Alex 2022-04-25 11:36:02 UTC 
A flaw use-after-free found in Linux Kernel fs/io_uring.c that is result of race condition in io_uring timeouts.
This flaw may allow a local attacker to escalate privileges.

References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e677edbcabee849bfdd43f1602bccbecf736a646
https://www.openwall.com/lists/oss-security/2022/04/22/3
Comment 2 Alex 2022-04-25 12:34:42 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2078476]
Comment 3 Product Security DevOps Team 2022-04-25 20:45:56 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-29582
Comment 4 Justin M. Forbes 2022-04-28 12:37:39 UTC 
This was fixed for Fedora with the 5.16.20 stable kernels (and in the 5.17.3 F36 kernel)
Note You need to log in before you can comment on or make changes to this bug.