NVD Vulnerability Detail

CVE-2022-2602

Summary	io_uring UAF, Unix SCM garbage collection
Publication Date	Jan. 9, 2024, 3:15 a.m.
Registration Date	Jan. 9, 2024, 10 a.m.
Last Update	Nov. 21, 2024, 4:01 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::			6.0.19

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:22.10::::-:::

Related information, measures and tools

No	URL	タグ
1	http://packetstormsecurity.com/files/176533/Linux-Broken-Unix-GC-Interaction-Use-After-Free.html
2	http://packetstormsecurity.com/files/176533/Linux-Broken-Unix-GC-Interaction-Use-After-Free.html
3	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602	Third Party Advisory
4	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602	Third Party Advisory
5	https://ubuntu.com/security/notices/USN-5691-1	Third Party Advisory
6	https://ubuntu.com/security/notices/USN-5691-1	Third Party Advisory
7	https://ubuntu.com/security/notices/USN-5692-1	Third Party Advisory
8	https://ubuntu.com/security/notices/USN-5692-1	Third Party Advisory
9	https://ubuntu.com/security/notices/USN-5693-1	Third Party Advisory
10	https://ubuntu.com/security/notices/USN-5693-1	Third Party Advisory
11	https://ubuntu.com/security/notices/USN-5700-1	Third Party Advisory
12	https://ubuntu.com/security/notices/USN-5700-1	Third Party Advisory
13	https://ubuntu.com/security/notices/USN-5752-1	Third Party Advisory
14	https://ubuntu.com/security/notices/USN-5752-1	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-416	解放済みメモリの使用	https://cwe.mitre.org/data/definitions/416.html

JVN Vulnerability Information

Linux の Linux Kernel 等複数ベンダの製品における解放済みメモリの使用に関する脆弱性

Title	Linux の Linux Kernel 等複数ベンダの製品における解放済みメモリの使用に関する脆弱性
Summary	Linux の Linux Kernel 等複数ベンダの製品には、解放済みメモリの使用に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 19, 2022, midnight
Registration Date	Feb. 5, 2024, 11:24 a.m.
Last Update	Feb. 5, 2024, 11:24 a.m.

Affected System

Canonical

Ubuntu 18.04

Ubuntu 20.04

Ubuntu 22.04

Ubuntu 22.10

Linux

Linux Kernel 6.0.19 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2022-2602	https://www.cve.org/CVERecord?id=CVE-2022-2602
National Vulnerability Database (NVD)
2	CVE-2022-2602	https://nvd.nist.gov/vuln/detail/CVE-2022-2602

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-416	https://cwe.mitre.org/data/definitions/416.html

ベンダー情報

No	Name	URL
Linux Kernel
1	Linux Kernel Archives	https://www.kernel.org
Ubuntu Security Notice
2	USN-5691-1	https://ubuntu.com/security/notices/USN-5691-1
3	USN-5692-1	https://ubuntu.com/security/notices/USN-5692-1
4	USN-5693-1	https://ubuntu.com/security/notices/USN-5693-1
5	USN-5700-1	https://ubuntu.com/security/notices/USN-5700-1
6	USN-5752-1	https://ubuntu.com/security/notices/USN-5752-1

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-23-166-11	https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-11
JVN
2	JVNVU#99464755	https://jvn.jp/vu/JVNVU99464755/
関連文書
3	cve.mitre.org (CVE-2022-2602)	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602
4	packetstormsecurity.com (Linux-Broken-Unix-GC-Interaction-Use-After-Free)	http://packetstormsecurity.com/files/176533/Linux-Broken-Unix-GC-Interaction-Use-After-Free.html
5	ubuntu.com (USN-5691-1)	https://ubuntu.com/security/notices/USN-5691-1
6	ubuntu.com (USN-5692-1)	https://ubuntu.com/security/notices/USN-5692-1
7	ubuntu.com (USN-5693-1)	https://ubuntu.com/security/notices/USN-5693-1
8	ubuntu.com (USN-5700-1)	https://ubuntu.com/security/notices/USN-5700-1
9	ubuntu.com (USN-5752-1)	https://ubuntu.com/security/notices/USN-5752-1

Change Log

No	Changed Details	Date of change
1	[2024年02月02日] 掲載	Feb. 2, 2024, 11:08 a.m.