CVE-2022-2585

CVSS v3.1 7.8 (High)
EPSS 0.04 % (5th)
Affected Products 2
Advisories 19
NVD Status Analyzed

It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.

Weaknesses: CWE-416 (Use After Free)
CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: Canonical Ltd.
Published Date: 2024-01-08 18:15:44 (8 months ago)
Updated Date: 2024-08-22 20:28:23 (3 weeks ago)

Affected Products


Configuration #1

  Product        CPE23                           From       Up To
  Linux Kernel   cpe:2.3:o:linux:linux_kernel    >= 5.7     < 5.10.137
  Linux Kernel   cpe:2.3:o:linux:linux_kernel    >= 5.11    < 5.15.61
  Linux Kernel   cpe:2.3:o:linux:linux_kernel    >= 5.16    < 5.18.18
  Linux Kernel   cpe:2.3:o:linux:linux_kernel    >= 5.19    < 5.19.2

Configuration #2

  Product                        CPE23
  Canonical Ubuntu Linux 20.04   cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts
  Canonical Ubuntu Linux 22.04   cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts