Your submission was sent successfully! Close

CVE-2022-3176

Published: 16 September 2022

There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659

From the Ubuntu Security Team

Eric Biggers discovered that a use-after-free vulnerability existed in the io_uring subsystem in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.13.0-16.19)
focal
Released (5.4.0-128.144)
jammy
Released (5.15.0-50.56)
kinetic Not vulnerable
(5.19.0-15.15)
trusty Not vulnerable
(3.11.0-12.19)
upstream
Released (5.17~rc1)
xenial Not vulnerable
(4.4.0-2.16)
Patches:
Introduced by

221c5eb2338232f7340386de1c43decc32682e58

Fixed by 791f3465c4afde02d7f16cf7424ca87070b69396|fc78b2fc21f10c4c9c4d5d659a685710ffa63659|e9d7ca0c4640cbebe6840ee3bac66a25a9bacaf5
linux-aws
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1001.1)
focal
Released (5.4.0-1086.93)
jammy
Released (5.15.0-1021.25)
kinetic Not vulnerable
(5.19.0-1005.5)
trusty Not vulnerable
(4.4.0-1002.2)
upstream
Released (5.17~rc1)
xenial Not vulnerable
(4.4.0-1001.10)
linux-aws-5.0
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-aws-5.3)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-aws-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-aws-5.13)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-aws-5.13)
xenial Does not exist

linux-aws-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-aws-5.15)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-aws-5.15)
xenial Does not exist

linux-aws-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.15.0-1021.25~20.04.1)
jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-aws-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-aws-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-aws-5.4)
xenial Does not exist

linux-aws-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-1086.93~18.04.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-aws-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-aws-5.11)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-aws-5.11)
xenial Does not exist

linux-aws-hwe
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Not vulnerable
(4.15.0-1030.31~16.04.1)
linux-azure
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-azure-5.3)
focal Pending
(5.4.0-1094.100)
jammy
Released (5.15.0-1021.26)
kinetic Not vulnerable
(5.19.0-1004.4)
trusty Not vulnerable
(4.15.0-1023.24~14.04.1)
upstream
Released (5.17~rc1)
xenial Not vulnerable
(4.11.0-1009.9)
linux-azure-4.15
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1082.92)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-azure-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-azure-5.13)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.13)
xenial Does not exist

linux-azure-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-azure-5.15)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.15)
xenial Does not exist

linux-azure-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.15.0-1021.26~20.04.1)
jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-azure-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-azure-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.4)
xenial Does not exist

linux-azure-5.4
Launchpad, Ubuntu, Debian
bionic Pending
(5.4.0-1094.100~18.04.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-azure-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-azure-5.11)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.11)
xenial Does not exist

linux-azure-edge
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-azure-5.3)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-azure-fde
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.4.0-1092.97+cvm1.1)
jammy
Released (5.15.0-1021.26)
trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-azure-fde-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.15.0-1019.24~20.04.1.1)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-bluefield
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.4.0-1047.52)
jammy Not vulnerable
(5.15.0-1009.11)
trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-dell300x
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1005.8)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-fips
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Does not exist

trusty Ignored
(out of standard support)
upstream
Released (5.17~rc1)
xenial Ignored
(out of standard support)
linux-gcp
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-gcp-5.3)
focal
Released (5.4.0-1090.98)
jammy
Released (5.15.0-1019.25)
kinetic Not vulnerable
(5.19.0-1004.4)
trusty Does not exist

upstream
Released (5.17~rc1)
xenial Not vulnerable
(4.10.0-1004.4)
linux-gcp-4.15
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1071.81)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-gcp-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-gcp-5.13)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.13)
xenial Does not exist

linux-gcp-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-gcp-5.15)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.15)
xenial Does not exist

linux-gcp-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Pending
(5.15.0-1021.28~20.04.1)
jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-gcp-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-gcp-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.4)
xenial Does not exist

linux-gcp-5.4
Launchpad, Ubuntu, Debian
bionic Pending
(5.4.0-1092.101~18.04.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-gcp-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-gcp-5.11)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.11)
xenial Does not exist

linux-gke
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.4.0-1084.90)
jammy
Released (5.15.0-1017.20)
kinetic Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Ignored
(reached end of standard support)
linux-gke-4.15
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-gke-5.0
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-gke-5.3)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-gke-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Pending
(5.15.0-1019.23~20.04.1)
jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-gke-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-gke-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gke-5.4)
xenial Does not exist

linux-gke-5.4
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-gkeop
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.4.0-1054.57)
jammy
Released (5.15.0-1004.6)
trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-gkeop-5.4
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-hwe
Launchpad, Ubuntu, Debian
bionic Ignored
(replaced by linux-hwe-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Not vulnerable
(4.8.0-39.42~16.04.1)
linux-hwe-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-hwe-5.13)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-hwe-5.13)
xenial Does not exist

linux-hwe-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-hwe-5.15)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-hwe-5.15)
xenial Does not exist

linux-hwe-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.15.0-50.56~20.04.1)
jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-hwe-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-128.144~18.04.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-hwe-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-hwe-5.11)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-hwe-5.11)
xenial Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-hwe-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Ignored
(superseded by linux-hwe)
linux-ibm
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.4.0-1034.38)
jammy
Released (5.15.0-1015.17)
kinetic Not vulnerable
(5.19.0-1004.4)
trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-ibm-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-1034.38~18.04.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-intel-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(was needs-triage now end-of-life)
jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-intel-iotg
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy
Released (5.15.0-1017.22)
kinetic Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-intel-iotg-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Pending
(5.15.0-1017.22~20.04.1)
jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-kvm
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1002.2)
focal
Released (5.4.0-1076.81)
jammy
Released (5.15.0-1019.23)
kinetic Not vulnerable
(5.19.0-1004.4)
trusty Does not exist

upstream
Released (5.17~rc1)
xenial Not vulnerable
(4.4.0-1004.9)
linux-lowlatency
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy
Released (5.15.0-50.56)
kinetic Not vulnerable
(5.19.0-1003.3)
trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-lowlatency-hwe-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.15.0-50.56~20.04.1)
jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Does not exist

trusty Not vulnerable
(4.4.0-13.29~14.04.1)
upstream
Released (5.17~rc1)
xenial Does not exist

linux-oem
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Ignored
(superseded by linux-hwe)
linux-oem-5.10
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(was needs-triage now end-of-life)
jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-oem-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-oem-5.14)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oem-5.14)
xenial Does not exist

linux-oem-5.14
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Needed

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-oem-5.17
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Not vulnerable
(5.17.0-1003.3)
kinetic Needs triage

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-oem-5.6
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(was needs-triage now end-of-life)
jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-oem-osp1
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-oracle
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1007.9)
focal
Released (5.4.0-1084.92)
jammy
Released (5.15.0-1019.24)
kinetic Not vulnerable
(5.19.0-1004.4)
trusty Does not exist

upstream
Released (5.17~rc1)
xenial Not vulnerable
(4.15.0-1007.9~16.04.1)
linux-oracle-5.0
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-oracle-5.3)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-oracle-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-oracle-5.13)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oracle-5.13)
xenial Does not exist

linux-oracle-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(was needs-triage now end-of-life)
jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-oracle-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Pending
(5.15.0-1019.24~20.04.1)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-oracle-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-oracle-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oracle-5.4)
xenial Does not exist

linux-oracle-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-1084.92~18.04.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-oracle-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-oracle-5.11)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oracle-5.11)
xenial Does not exist

linux-raspi
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.4.0-1071.81)
jammy
Released (5.15.0-1016.18)
kinetic Not vulnerable
(5.19.0-1001.3)
trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-raspi-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-1071.81~18.04.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.13.0-1005.5)
focal Ignored
(replaced by linux-raspi)
jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Ignored
(end of standard support)
linux-raspi2-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-raspi-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-raspi2-5.4)
xenial Does not exist

linux-riscv
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-riscv-5.8)
jammy
Released (5.15.0-1020.23)
kinetic Not vulnerable
(5.19.0-1002.2)
trusty Does not exist

upstream
Released (5.17~rc1)
xenial Does not exist

linux-riscv-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-riscv-5.13)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-riscv-5.13)
xenial Does not exist

linux-riscv-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-riscv-5.11)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-riscv-5.11)
xenial Does not exist

linux-snapdragon
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.4.0-1077.82)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.17~rc1)
xenial Ignored
(end of standard support)