2155840 – (CVE-2022-47946) CVE-2022-47946 Linux kernel: use-after-free in io_sqpoll_wait_sq

Bug 2155840 (CVE-2022-47946) - CVE-2022-47946 Linux kernel: use-after-free in io_sqpoll_wait_sq

Summary: CVE-2022-47946 Linux kernel: use-after-free in io_sqpoll_wait_sq

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2022-47946
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2156539 2156540
Blocks:	2155842
TreeView+	depends on / blocked

Reported:	2022-12-22 15:14 UTC by Sage McTaggart
Modified:	2023-03-15 10:07 UTC (History)
CC List:	51 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-12-27 13:48:20 UTC
Embargoed:

Attachments	(Terms of Use)

Description Sage McTaggart 2022-12-22 15:14:32 UTC

An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.161&id=0f544353fec8e717d37724d95b92538e1de79e86
https://www.openwall.com/lists/oss-security/2022/12/22/2

Comment 2 Alex 2022-12-27 12:13:08 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-36 [bug 2156539]
Affects: fedora-37 [bug 2156540]

Comment 4 Justin M. Forbes 2022-12-31 15:48:58 UTC

(In reply to Alex from comment #2)
> Created kernel tracking bugs for this issue:
> 
> Affects: fedora-36 [bug 2156539]
> Affects: fedora-37 [bug 2156540]

We typically create a single Fedora tracking bug which covers all releases. As I keep all Fedora releases on the same kernel version, maintained out of the same source tree, it either impacts all or none, and updates are filed at the same time for all releases.

Comment 5 Justin M. Forbes 2022-12-31 15:53:45 UTC

This was fixed for Fedora with the 5.12 kernel rebases.

Note You need to log in before you can comment on or make changes to this bug.

acaringi
adscvr
airlied
alciregi
bhu
bskeggs
chwhite
crwood
ddepaula
debarbos
dfreiber
dhoward
dvlasenk
ezulian
fhrbata
hdegoede
hkrzesin
hpa
jarod
jarodwilson
jburrell
jfaracco
jferlan
jforbes
jglisse
jlelli
joe.lawrence
josef
jshortt
jstancek
jwyatt
kcarcia
kernel-maint
kernel-mgr
lgoncalv
linville
lleshchi
lzampier
masami256
mchehab
nmurray
ptalbert
qzhao
rogbas
rvrbovsk
scweaver
steved
tyberry
vkumar
walters
williams