Vulnerability Description
It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.
CVSS Score
5.3
MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.7, < 5.10.137 |
| Canonical | Ubuntu Linux | 20.04 |
Related Weaknesses (CWE)
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585Third Party Advisory
- https://lore.kernel.org/lkml/[email protected]/T/#uMailing ListPatch
- https://ubuntu.com/security/notices/USN-5564-1Third Party Advisory
- https://ubuntu.com/security/notices/USN-5565-1Third Party Advisory
- https://ubuntu.com/security/notices/USN-5566-1Third Party Advisory
- https://ubuntu.com/security/notices/USN-5567-1Third Party Advisory
- https://www.openwall.com/lists/oss-security/2022/08/09/7Mailing List
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585Third Party Advisory
- https://lore.kernel.org/lkml/[email protected]/T/#uMailing ListPatch
- https://ubuntu.com/security/notices/USN-5564-1Third Party Advisory
- https://ubuntu.com/security/notices/USN-5565-1Third Party Advisory
- https://ubuntu.com/security/notices/USN-5566-1Third Party Advisory
- https://ubuntu.com/security/notices/USN-5567-1Third Party Advisory
- https://www.openwall.com/lists/oss-security/2022/08/09/7Mailing List
FAQ
What is CVE-2022-2585?
CVE-2022-2585 is a vulnerability with a CVSS score of 5.3 (MEDIUM). It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.
How severe is CVE-2022-2585?
CVE-2022-2585 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2585?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux.