Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2022-2585

Published: 9 August 2022

It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.

From the Ubuntu Security Team

It was discovered that the implementation of POSIX timers in the Linux kernel did not properly clean up timers in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.

Notes

AuthorNote
sbeattie
introduced by 55e8c8eb2c7b ("posix-cpu-timers: Store a
reference to a pid not a task") (v5.7)

Priority

High

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.13.0-16.19)
focal Not vulnerable
(5.4.0-9.12)
jammy
Released (5.15.0-46.49)
kinetic
Released (5.19.0-18.18)
trusty Not vulnerable
(3.11.0-12.19)
upstream
Released (6.0~rc1)
xenial Not vulnerable
(4.4.0-2.16)
Patches:
Introduced by

55e8c8eb2c7b6bf30e99423ccfe7ca032f498f59

Fixed by e362359ace6f87c201531872486ff295df306d13|local-CVE-2022-2585-fix
ubuntu: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=3ed572c89bbe82ba6cde67ce18b025a69a537909
linux-aws
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1001.1)
focal Not vulnerable
(5.4.0-1005.5)
jammy
Released (5.15.0-1017.21)
kinetic Not vulnerable
(5.19.0-1007.7)
trusty Not vulnerable
(4.4.0-1002.2)
upstream
Released (6.0~rc1)
xenial Not vulnerable
(4.4.0-1001.10)
linux-aws-5.0
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-aws-5.3)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-aws-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-aws-5.13)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-aws-5.13)
xenial Does not exist

linux-aws-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-aws-5.15)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-aws-5.15)
xenial Does not exist

linux-aws-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.15.0-1017.21~20.04.1)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-aws-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-aws-5.4)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-aws-5.4)
xenial Does not exist

linux-aws-5.4
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.4.0-1018.18~18.04.1)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-aws-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-aws-5.11)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-aws-5.11)
xenial Does not exist

linux-aws-hwe
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Not vulnerable
(4.15.0-1030.31~16.04.1)
linux-azure
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-azure-5.3)
focal Not vulnerable
(5.4.0-1006.6)
jammy
Released (5.15.0-1017.20)
kinetic Not vulnerable
(5.19.0-1006.6)
trusty Not vulnerable
(4.15.0-1023.24~14.04.1)
upstream
Released (6.0~rc1)
xenial Not vulnerable
(4.11.0-1009.9)
linux-azure-4.15
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1082.92)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-azure-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-azure-5.13)
trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.13)
xenial Does not exist

linux-azure-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-azure-5.15)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.15)
xenial Does not exist

linux-azure-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.15.0-1017.20~20.04.1)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-azure-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-azure-5.4)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.4)
xenial Does not exist

linux-azure-5.4
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.4.0-1020.20~18.04.1)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-azure-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-azure-5.11)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.11)
xenial Does not exist

linux-azure-edge
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-azure-5.3)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-azure-fde
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Needs triage

jammy
Released (5.15.0-1017.20)
kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-azure-fde-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-bluefield
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.4.0-1007.10)
jammy Not vulnerable

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-dell300x
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1005.8)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-fips
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Ignored
(out of standard support)
linux-gcp
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-gcp-5.3)
focal Not vulnerable
(5.4.0-1005.5)
jammy
Released (5.15.0-1016.21)
kinetic Not vulnerable
(5.19.0-1006.6)
trusty Does not exist

upstream
Released (6.0~rc1)
xenial Not vulnerable
(4.10.0-1004.4)
linux-gcp-4.15
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1071.81)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-gcp-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-gcp-5.13)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.13)
xenial Does not exist

linux-gcp-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-gcp-5.15)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.15)
xenial Does not exist

linux-gcp-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.15.0-1016.21~20.04.1)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-gcp-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-gcp-5.4)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.4)
xenial Does not exist

linux-gcp-5.4
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.4.0-1019.19~18.04.2)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-gcp-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-gcp-5.11)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.11)
xenial Does not exist

linux-gke
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.4.0-1033.35)
jammy
Released (5.15.0-1014.17)
kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Ignored
(reached end of standard support)
linux-gke-4.15
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-gke-5.0
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-gke-5.3)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-gke-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.15.0-1014.17~20.04.1)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-gke-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-gke-5.4)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gke-5.4)
xenial Does not exist

linux-gke-5.4
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.4.0-1025.25~18.04.1)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-gkeop
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.4.0-1008.9)
jammy Pending
(5.15.0-1002.4)
kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-gkeop-5.4
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.4.0-1001.1)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-hwe
Launchpad, Ubuntu, Debian
bionic Ignored
(replaced by linux-hwe-5.4)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Not vulnerable
(4.8.0-39.42~16.04.1)
linux-hwe-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-hwe-5.13)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-hwe-5.13)
xenial Does not exist

linux-hwe-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-hwe-5.15)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-hwe-5.15)
xenial Does not exist

linux-hwe-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.15.0-46.49~20.04.1)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-hwe-5.4
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.4.0-37.41~18.04.1)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-hwe-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-hwe-5.11)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-hwe-5.11)
xenial Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-hwe-5.4)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Ignored
(superseded by linux-hwe)
linux-ibm
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.4.0-1003.4)
jammy
Released (5.15.0-1012.14)
kinetic Not vulnerable
(5.19.0-1006.6)
trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-ibm-5.4
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.4.0-1010.11~18.04.2)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-intel-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(was needs-triage now end-of-life)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-intel-iotg
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy
Released (5.15.0-1013.17)
kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-intel-iotg-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Pending
(5.15.0-1015.20~20.04.2)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-kvm
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1002.2)
focal Not vulnerable
(5.4.0-1004.4)
jammy
Released (5.15.0-1016.19)
kinetic Not vulnerable
(5.19.0-1006.6)
trusty Does not exist

upstream
Released (6.0~rc1)
xenial Not vulnerable
(4.4.0-1004.9)
linux-lowlatency
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy
Released (5.15.0-46.49)
kinetic Not vulnerable
(5.19.0-1005.5)
trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-lowlatency-hwe-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.15.0-46.49~20.04.1)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Not vulnerable
(4.4.0-13.29~14.04.1)
upstream
Released (6.0~rc1)
xenial Does not exist

linux-oem
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Ignored
(superseded by linux-hwe)
linux-oem-5.10
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(was needs-triage now end-of-life)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-oem-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-oem-5.14)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oem-5.14)
xenial Does not exist

linux-oem-5.14
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.14.0-1048.55)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-oem-5.17
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy
Released (5.17.0-1015.16)
kinetic Needed

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-oem-5.6
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(was needs-triage now end-of-life)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-oem-6.0
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Needs triage

kinetic Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-oem-6.1
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Pending

kinetic Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-oem-osp1
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-oracle
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1007.9)
focal Not vulnerable
(5.4.0-1005.5)
jammy
Released (5.15.0-1016.20)
kinetic Not vulnerable
(5.19.0-1006.6)
trusty Does not exist

upstream
Released (6.0~rc1)
xenial Not vulnerable
(4.15.0-1007.9~16.04.1)
linux-oracle-5.0
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-oracle-5.3)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-oracle-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-oracle-5.13)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oracle-5.13)
xenial Does not exist

linux-oracle-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(was needs-triage now end-of-life)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-oracle-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-oracle-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-oracle-5.4)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oracle-5.4)
xenial Does not exist

linux-oracle-5.4
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.4.0-1019.19~18.04.1)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-oracle-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-oracle-5.11)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oracle-5.11)
xenial Does not exist

linux-raspi
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.4.0-1007.7)
jammy
Released (5.15.0-1013.15)
kinetic Pending
(5.19.0-1002.5)
trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-raspi-5.4
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.4.0-1013.13~18.04.1)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.13.0-1005.5)
focal Ignored
(replaced by linux-raspi)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Ignored
(end of standard support)
linux-raspi2-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-raspi-5.4)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-raspi2-5.4)
xenial Does not exist

linux-riscv
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-riscv-5.8)
jammy
Released (5.15.0-1017.19)
kinetic Needed

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Does not exist

linux-riscv-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-riscv-5.13)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-riscv-5.13)
xenial Does not exist

linux-riscv-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-riscv-5.11)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-riscv-5.11)
xenial Does not exist

linux-snapdragon
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.4.0-1077.82)
focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (6.0~rc1)
xenial Ignored
(end of standard support)