CVE-2022-2602

Published Jan 8, 2024

Last updated 2 years ago

CVSS medium 5.3

Overview

AI description

Automated description summarized from trusted sources.

CVE-2022-2602 is a use-after-free (UAF) vulnerability found within the Linux kernel's `io_uring` subsystem. This flaw arises from a race condition that occurs during the interaction between `io_uring` requests and the Unix socket garbage collector. Specifically, registered file descriptors can be prematurely freed by the Unix garbage collector while `io_uring` is still actively processing them, leading to memory corruption. This vulnerability impacts the registered file descriptor functionality in `io_uring`, allowing for a scenario where a freed file structure can be re-used with an `io_uring` operation. Attackers can exploit this by registering a file, having it freed by the Unix Garbage Collector, and then manipulating the system to reuse the freed memory, potentially with a different file, to achieve unintended write operations.

Description
io_uring UAF, Unix SCM garbage collection
Source
security@ubuntu.com
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
7
Impact score
5.9
Exploitability score
1
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security@ubuntu.com
CWE-416
nvd@nist.gov
CWE-416

Social media

Hype score
Not currently trending

  1. 2026 Linux 重置密码教程大全 - Dirty Cow (CVE-2016-5195) - Dirty Pipe (CVE-2022-0847) - io_uring UAF (CVE-2022-2602) - Copy Fail (CVE-2026-31431) - io_uring ZCRX freelist (CVE-2026-43121) - Dirty Frag (CVE-2026-43284 CVE-2026-43500) - Fragnesia (CVE-2026-46300)

    @furlingdu

    1 Jun 2026

    158 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. - Dirty Cow (CVE-2016-5195) - Dirty Pipe (CVE-2022-0847) - io_uring UAF (CVE-2022-2602) - Copy Fail (CVE-2026-31431) - io_uring ZCRX freelist (CVE-2026-43121) - Dirty Frag (CVE-2026-43284 CVE-2026-43500) - Fragnesia (CVE-2026-46300) -PinTheft (CVE-2026-43494)

    @luadoles

    22 May 2026

    193 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Linux 重置密码大全 - Dirty Cow (CVE-2016-5195) - Dirty Pipe (CVE-2022-0847) - io_uring UAF (CVE-2022-2602) - Copy Fail (CVE-2026-31431) - io_uring ZCRX freelist (CVE-2026-43121) - Dirty Frag (CVE-2026-43284 CVE-2026-43500) - Fragnesia (CVE-2026-46300) -PinTheft (CVE-2026-4

    @hsn8086k

    22 May 2026

    37707 Impressions

    101 Retweets

    633 Likes

    317 Bookmarks

    40 Replies

    7 Quotes

  4. 2026 Linux 如何重置密碼 - Dirty Cow (CVE-2016-5195) - Dirty Pipe (CVE-2022-0847) - io_uring UAF (CVE-2022-2602) - Copy Fail (CVE-2026-31431) - io_uring ZCRX freelist (CVE-2026-43121) - Dirty Frag (CVE-2026-43284 CVE-2026-43500) - Fragnesia (CVE-2026-46300)

    @sayaalauun

    14 May 2026

    76 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Them: Linux is most secure OS Me: Yes - Dirty Cow (CVE-2016-5195) - Dirty Pipe (CVE-2022-0847) - io_uring UAF (CVE-2022-2602) - Copy Fail (CVE-2026-31431) - io_uring ZCRX freelist (CVE-2026-43121) - Dirty Frag (CVE-2026-43284 CVE-2026-43500) - Fragnesia (CVE-2026-46300)

    @hetmehtaa

    14 May 2026

    72711 Impressions

    41 Retweets

    378 Likes

    163 Bookmarks

    40 Replies

    15 Quotes

  6. 2026 Linux 重置密码教程大全 - Dirty Cow (CVE-2016-5195) - Dirty Pipe (CVE-2022-0847) - io_uring UAF (CVE-2022-2602) - Copy Fail (CVE-2026-31431) - io_uring ZCRX freelist (CVE-2026-43121) - Dirty Frag (CVE-2026-43284 CVE-2026-43500) - Fragnesia (CVE-2026-46300)

    @hsn8086k

    14 May 2026

    69819 Impressions

    179 Retweets

    1061 Likes

    459 Bookmarks

    12 Replies

    11 Quotes

Configurations

References

Sources include official advisories and independent security research.