CVE-2022-23090

EPSS 0.27%
Published 15.02.2024 06:15:45
Last modified 04.06.2025 21:59:04
Source secteam@freebsd.org
Teams watchlist Login
Open Login

The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case.

An attacker may cause the reference count to overflow, leading to a use after free (UAF).

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Freebsd ≫ Freebsd Version12.3 Updatebeta1

Freebsd ≫ Freebsd Version12.3 Updatep1

Freebsd ≫ Freebsd Version12.3 Updatep2

Freebsd ≫ Freebsd Version12.3 Updatep3

Freebsd ≫ Freebsd Version12.3 Updatep4

Freebsd ≫ Freebsd Version12.3 Updatep5

Freebsd ≫ Freebsd Version13.0 Updatebeta1

Freebsd ≫ Freebsd Version13.0 Updatebeta2

Freebsd ≫ Freebsd Version13.0 Updatebeta3

Freebsd ≫ Freebsd Version13.0 Updatebeta3-p1

Freebsd ≫ Freebsd Version13.0 Updatebeta4

Freebsd ≫ Freebsd Version13.0 Updatep1

Freebsd ≫ Freebsd Version13.0 Updatep10

Freebsd ≫ Freebsd Version13.0 Updatep11

Freebsd ≫ Freebsd Version13.0 Updatep2

Freebsd ≫ Freebsd Version13.0 Updatep3

Freebsd ≫ Freebsd Version13.0 Updatep4

Freebsd ≫ Freebsd Version13.0 Updatep5

Freebsd ≫ Freebsd Version13.0 Updatep6

Freebsd ≫ Freebsd Version13.0 Updatep7

Freebsd ≫ Freebsd Version13.0 Updatep8

Freebsd ≫ Freebsd Version13.0 Updatep9

Freebsd ≫ Freebsd Version13.0 Updaterc1

Freebsd ≫ Freebsd Version13.0 Updaterc2

Freebsd ≫ Freebsd Version13.0 Updaterc3

Freebsd ≫ Freebsd Version13.0 Updaterc4

Freebsd ≫ Freebsd Version13.0 Updaterc5

Freebsd ≫ Freebsd Version13.0 Updaterc5-p1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.27%	0.506

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.7	2.5	5.2	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://security.freebsd.org/advisories/FreeBSD-SA-22:10.aio.asc

Vendor Advisory

https://security.netapp.com/advisory/ntap-20240415-0007/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-23090

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-23090

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-23090

EUVD