CVE-2022-2327

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-2327

CGA ID

CGA-2q6f-6x2c-h4cc

Severity

Unknown

Description

io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859

References

https://images.chainguard.dev/security/CGA-2q6f-6x2c-h4cc
https://github.com/advisories/GHSA-3xq4-8c55-jfwq
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=df3f3bb5059d20ef094d6b2f0256c4bf4127a859
https://security.netapp.com/advisory/ntap-20230203-0009/
https://kernel.dance/#df3f3bb5059d20ef094d6b2f0256c4bf4127a859
https://security-tracker.debian.org/tracker/CVE-2022-2327

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2022-2327

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources