Your submission was sent successfully! Close

CVE-2022-2585

Published: 9 August 2022

It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.

From the Ubuntu security team

It was discovered that the implementation of POSIX timers in the Linux kernel did not properly clean up timers in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.

Notes

AuthorNote
sbeattie
introduced by 55e8c8eb2c7b ("posix-cpu-timers: Store a
reference to a pid not a task") (v5.7)
Priority

High

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.13.0-16.19)
focal Not vulnerable
(5.4.0-9.12)
jammy
Released (5.15.0-46.49)
trusty Not vulnerable
(3.11.0-12.19)
upstream Needed

xenial Not vulnerable
(4.4.0-2.16)
Patches:
Introduced by

55e8c8eb2c7b6bf30e99423ccfe7ca032f498f59

Fixed by e362359ace6f87c201531872486ff295df306d13|local-CVE-2022-2585-fix
ubuntu: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=3ed572c89bbe82ba6cde67ce18b025a69a537909
linux-aws
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1001.1)
focal Not vulnerable
(5.4.0-1005.5)
jammy
Released (5.15.0-1017.21)
trusty Not vulnerable
(4.4.0-1002.2)
upstream Needed

xenial Not vulnerable
(4.4.0-1001.10)
linux-aws-5.0
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-aws-5.3)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-aws-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-aws-5.13)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-aws-5.13)
xenial Does not exist

linux-aws-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-aws-5.15)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-aws-5.15)
xenial Does not exist

linux-aws-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.15.0-1017.21~20.04.1)
jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-aws-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-aws-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-aws-5.4)
xenial Does not exist

linux-aws-5.4
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.4.0-1018.18~18.04.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-aws-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-aws-5.11)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-aws-5.11)
xenial Does not exist

linux-aws-hwe
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Not vulnerable
(4.15.0-1030.31~16.04.1)
linux-azure
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-azure-5.3)
focal Not vulnerable
(5.4.0-1006.6)
jammy
Released (5.15.0-1017.20)
trusty Not vulnerable
(4.15.0-1023.24~14.04.1)
upstream Needed

xenial Not vulnerable
(4.11.0-1009.9)
linux-azure-4.15
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1082.92)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-azure-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-azure-5.13)
trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.13)
xenial Does not exist

linux-azure-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-azure-5.15)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.15)
xenial Does not exist

linux-azure-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.15.0-1017.20~20.04.1)
jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-azure-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-azure-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.4)
xenial Does not exist

linux-azure-5.4
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.4.0-1020.20~18.04.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-azure-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-azure-5.11)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.11)
xenial Does not exist

linux-azure-edge
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-azure-5.3)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-azure-fde
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Needs triage

jammy Needs triage

trusty Does not exist

upstream Needed

xenial Does not exist

linux-bluefield
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.4.0-1007.10)
jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-dell300x
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1005.8)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-fips
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Not vulnerable

linux-gcp
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-gcp-5.3)
focal Not vulnerable
(5.4.0-1005.5)
jammy
Released (5.15.0-1016.21)
trusty Does not exist

upstream Needed

xenial Not vulnerable
(4.10.0-1004.4)
linux-gcp-4.15
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1071.81)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-gcp-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-gcp-5.13)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.13)
xenial Does not exist

linux-gcp-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-gcp-5.15)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.15)
xenial Does not exist

linux-gcp-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.15.0-1016.21~20.04.1)
jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-gcp-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-gcp-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.4)
xenial Does not exist

linux-gcp-5.4
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.4.0-1019.19~18.04.2)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-gcp-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-gcp-5.11)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.11)
xenial Does not exist

linux-gke
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.4.0-1033.35)
jammy
Released (5.15.0-1014.17)
trusty Does not exist

upstream Needed

xenial Ignored
(reached end of standard support)
linux-gke-4.15
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-gke-5.0
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-gke-5.3)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-gke-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.15.0-1014.17~20.04.1)
jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-gke-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-gke-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gke-5.4)
xenial Does not exist

linux-gke-5.4
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.4.0-1025.25~18.04.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-gkeop
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.4.0-1008.9)
jammy Needed

trusty Does not exist

upstream Needed

xenial Does not exist

linux-gkeop-5.4
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.4.0-1001.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-hwe
Launchpad, Ubuntu, Debian
bionic Ignored
(replaced by linux-hwe-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Not vulnerable
(4.8.0-39.42~16.04.1)
linux-hwe-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-hwe-5.13)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-hwe-5.13)
xenial Does not exist

linux-hwe-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-hwe-5.15)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-hwe-5.15)
xenial Does not exist

linux-hwe-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.15.0-46.49~20.04.1)
jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-hwe-5.4
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.4.0-37.41~18.04.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-hwe-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-hwe-5.11)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-hwe-5.11)
xenial Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-hwe-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Ignored
(superseded by linux-hwe)
linux-ibm
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.4.0-1003.4)
jammy
Released (5.15.0-1012.14)
trusty Does not exist

upstream Needed

xenial Does not exist

linux-ibm-5.4
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.4.0-1010.11~18.04.2)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-intel-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(was needs-triage now end-of-life)
jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-intel-iotg
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy
Released (5.15.0-1013.17)
trusty Does not exist

upstream Needed

xenial Does not exist

linux-intel-iotg-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Needed

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-kvm
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1002.2)
focal Not vulnerable
(5.4.0-1004.4)
jammy
Released (5.15.0-1016.19)
trusty Does not exist

upstream Needed

xenial Not vulnerable
(4.4.0-1004.9)
linux-lowlatency
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy
Released (5.15.0-46.49)
trusty Does not exist

upstream Needed

xenial Does not exist

linux-lowlatency-hwe-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.15.0-46.49~20.04.1)
jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Does not exist

trusty Not vulnerable
(4.4.0-13.29~14.04.1)
upstream Needed

xenial Does not exist

linux-oem
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Ignored
(superseded by linux-hwe)
linux-oem-5.10
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(was needs-triage now end-of-life)
jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-oem-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-oem-5.14)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oem-5.14)
xenial Does not exist

linux-oem-5.14
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.14.0-1048.55)
jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-oem-5.17
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy
Released (5.17.0-1015.16)
trusty Does not exist

upstream Needed

xenial Does not exist

linux-oem-5.6
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(was needs-triage now end-of-life)
jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-oem-osp1
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-oracle
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1007.9)
focal Not vulnerable
(5.4.0-1005.5)
jammy
Released (5.15.0-1016.20)
trusty Does not exist

upstream Needed

xenial Not vulnerable
(4.15.0-1007.9~16.04.1)
linux-oracle-5.0
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-oracle-5.3)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-oracle-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-oracle-5.13)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oracle-5.13)
xenial Does not exist

linux-oracle-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(was needs-triage now end-of-life)
jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-oracle-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-oracle-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oracle-5.4)
xenial Does not exist

linux-oracle-5.4
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.4.0-1019.19~18.04.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-oracle-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-oracle-5.11)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oracle-5.11)
xenial Does not exist

linux-raspi
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.4.0-1007.7)
jammy
Released (5.15.0-1013.15)
trusty Does not exist

upstream Needed

xenial Does not exist

linux-raspi-5.4
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.4.0-1013.13~18.04.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.13.0-1005.5)
focal Ignored
(replaced by linux-raspi)
jammy Does not exist

trusty Does not exist

upstream Needed

xenial Ignored
(end of standard support)
linux-raspi2-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-raspi-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-raspi2-5.4)
xenial Does not exist

linux-riscv
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-riscv-5.8)
jammy
Released (5.15.0-1017.19)
trusty Does not exist

upstream Needed

xenial Does not exist

linux-riscv-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-riscv-5.13)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-riscv-5.13)
xenial Does not exist

linux-riscv-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-riscv-5.11)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-riscv-5.11)
xenial Does not exist

linux-snapdragon
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.4.0-1077.82)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Needed

xenial Ignored
(end of standard support)