Bugzilla – Bug 1202094
VUL-0: CVE-2022-2585: kernel-source: use-after-free in POSIX CPU timer
Last modified: 2023-01-18 17:48:18 UTC
oss-security: CVE-2022-2585 - Linux kernel POSIX CPU timer UAF It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. An independent security researcher working with SSD Secure Disclosure discovered that this vulnerability could be exploited for Local Privilege Escalation. This bug was introduced by commit 55e8c8eb2c7b ("posix-cpu-timers: Store a reference to a pid not a task"), which is present since v5.7-rc1. This has been assigned CVE-2022-2585. A PoC that will trigger KASAN is going to be posted in a week. A fix has been sent to linux-kernel@vger.kernel.org and is at https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u.
SUSE-SU-2022:2803-1: An update that solves 5 vulnerabilities, contains 7 features and has 16 fixes is now available. Category: security (important) Bug References: 1190256,1190497,1199291,1199356,1199665,1201258,1201323,1201391,1201458,1201592,1201593,1201595,1201596,1201635,1201651,1201691,1201705,1201726,1201846,1201930,1202094 CVE References: CVE-2021-33655,CVE-2022-21505,CVE-2022-2585,CVE-2022-26373,CVE-2022-29581 JIRA References: SLE-21132,SLE-24569,SLE-24570,SLE-24571,SLE-24578,SLE-24635,SLE-24682 Sources used: openSUSE Leap 15.4 (src): dtb-aarch64-5.14.21-150400.24.18.1, kernel-64kb-5.14.21-150400.24.18.1, kernel-debug-5.14.21-150400.24.18.1, kernel-default-5.14.21-150400.24.18.1, kernel-default-base-5.14.21-150400.24.18.1.150400.24.5.4, kernel-docs-5.14.21-150400.24.18.1, kernel-kvmsmall-5.14.21-150400.24.18.1, kernel-obs-build-5.14.21-150400.24.18.1, kernel-obs-qa-5.14.21-150400.24.18.1, kernel-source-5.14.21-150400.24.18.1, kernel-syms-5.14.21-150400.24.18.1, kernel-zfcpdump-5.14.21-150400.24.18.1 SUSE Linux Enterprise Workstation Extension 15-SP4 (src): kernel-default-5.14.21-150400.24.18.1 SUSE Linux Enterprise Module for Live Patching 15-SP4 (src): kernel-default-5.14.21-150400.24.18.1, kernel-livepatch-SLE15-SP4_Update_2-1-150400.9.5.2 SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src): kernel-default-5.14.21-150400.24.18.1 SUSE Linux Enterprise Module for Development Tools 15-SP4 (src): kernel-docs-5.14.21-150400.24.18.1, kernel-obs-build-5.14.21-150400.24.18.1, kernel-source-5.14.21-150400.24.18.1, kernel-syms-5.14.21-150400.24.18.1 SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): kernel-64kb-5.14.21-150400.24.18.1, kernel-default-5.14.21-150400.24.18.1, kernel-default-base-5.14.21-150400.24.18.1.150400.24.5.4, kernel-source-5.14.21-150400.24.18.1, kernel-zfcpdump-5.14.21-150400.24.18.1 SUSE Linux Enterprise High Availability 15-SP4 (src): kernel-default-5.14.21-150400.24.18.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:3288-1: An update that solves 25 vulnerabilities, contains four features and has 91 fixes is now available. Category: security (important) Bug References: 1023051,1032323,1065729,1156395,1189999,1190497,1192968,1194592,1194869,1194904,1195480,1195917,1196616,1197158,1197391,1197755,1197756,1197757,1197763,1198410,1198577,1198702,1198971,1199356,1199515,1200301,1200313,1200431,1200544,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201308,1201361,1201442,1201455,1201489,1201610,1201726,1201768,1201865,1201940,1201948,1201956,1202094,1202096,1202097,1202113,1202131,1202154,1202262,1202265,1202346,1202347,1202385,1202393,1202447,1202471,1202558,1202564,1202623,1202636,1202672,1202681,1202710,1202711,1202712,1202713,1202715,1202716,1202757,1202758,1202759,1202761,1202762,1202763,1202764,1202765,1202766,1202767,1202768,1202769,1202770,1202771,1202773,1202774,1202775,1202776,1202778,1202779,1202780,1202781,1202782,1202783,1202822,1202823,1202824,1202860,1202867,1202872,1202898,1202989,1203036,1203041,1203063,1203098,1203107,1203117,1203138,1203139,1203159 CVE References: CVE-2016-3695,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-1184,CVE-2022-20368,CVE-2022-20369,CVE-2022-2585,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2977,CVE-2022-3028,CVE-2022-3078,CVE-2022-36879,CVE-2022-36946,CVE-2022-39188,CVE-2022-39190 JIRA References: SLE-19359,SLE-23766,SLE-24572,SLE-24682 Sources used: openSUSE Leap 15.4 (src): kernel-azure-5.14.21-150400.14.13.1, kernel-source-azure-5.14.21-150400.14.13.1, kernel-syms-azure-5.14.21-150400.14.13.1 SUSE Linux Enterprise Module for Public Cloud 15-SP4 (src): kernel-azure-5.14.21-150400.14.13.1, kernel-source-azure-5.14.21-150400.14.13.1, kernel-syms-azure-5.14.21-150400.14.13.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done