Wind River Support Network

HomeDefectsLINCD-10346
Fixed

LINCD-10346 : Security Advisory - linux - CVE-2022-3176

Created: Sep 17, 2022    Updated: Nov 13, 2022
Resolved Date: Oct 30, 2022
Found In Version: 10.20.6.0
Fix Version: 10.22.45.0
Severity: Standard
Applicable for: Wind River Linux CD
Component/s: Kernel

Description

There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659

CREATE(Triage):(User=admin) CVE-2022-3176 (https://nvd.nist.gov/vuln/detail/CVE-2022-3176)

CVEs


Live chat
Online