[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248364

 
 

909

 
 

195388

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2022-2585Date: (C)2022-08-24   (M)2024-04-30


It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.8CVSS Score :
Exploit Score: 1.8Exploit Score:
Impact Score: 5.9Impact Score:
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector:
Attack Complexity: LOWAccess Complexity:
Privileges Required: LOWAuthentication:
User Interaction: NONEConfidentiality:
Scope: UNCHANGEDIntegrity:
Confidentiality: HIGHAvailability:
Integrity: HIGH 
Availability: HIGH 
  
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585
https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u
https://ubuntu.com/security/notices/USN-5564-1
https://ubuntu.com/security/notices/USN-5565-1
https://ubuntu.com/security/notices/USN-5566-1
https://ubuntu.com/security/notices/USN-5567-1
https://www.openwall.com/lists/oss-security/2022/08/09/7

CWE    1
CWE-416
OVAL    29
oval:org.secpod.oval:def:1506028
oval:org.secpod.oval:def:707666
oval:org.secpod.oval:def:86492
oval:org.secpod.oval:def:1506030
...

© SecPod Technologies