Main Vulnerability Database Exploits ID:8685 - Exploit for Use-after-free in Linux kernel - CVE-2022-2602

ID:8685 - Exploit for Use-after-free in Linux kernel - CVE-2022-2602

Published: December 20, 2022

Vulnerability identifier: #VU68423

Vulnerability risk: Low

CVE-ID: CVE-2022-2602

CWE-ID: CWE-416

Exploitation vector: Local access

Vulnerable software:
Linux kernel

Link to public exploit:

https://github.com/kiks7/CVE-2022-2602-Kernel-Exploit

Vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error caused by an io_uring request, which is being processed on a registered file. The Unix GC runs and frees the io_uring file descriptor and all the registered file descriptors in a specific order that may allow a local user to win a race and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

ID:8685 - Exploit for Use-after-free in Linux kernel - CVE-2022-2602

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human