Auto-merge PR#7276

2025-08-04 08:44:25 +00:00 · 2022-09-16 09:55:14 -04:00 · 2022-09-16 09:55:14 -04:00 · d779ac41c0
commit d779ac41c0
parent b4762669fe 250ed4fa90
1 changed files with 94 additions and 16 deletions
--- a/2022/3xxx/CVE-2022-3176.json
+++ b/2022/3xxx/CVE-2022-3176.json
@ -1,18 +1,96 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
  "CVE_data_meta": {
+      "ASSIGNER": "security@google.com",
+      "DATE_PUBLIC": "2022-08-31T22:00:00.000Z",
      "ID": "CVE-2022-3176",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+      "STATE": "PUBLIC",
+      "TITLE": "Use-after-free in io_uring in Linux Kernel"
  },
+  "affects": {
+      "vendor": {
+          "vendor_data": [
+              {
+                  "product": {
+                      "product_data": [
+                          {
+                              "product_name": "Kernel",
+                              "version": {
+                                  "version_data": [
+                                      {
+                                          "version_affected": "<",
+                                          "version_value": "fc78b2fc21f10c4c9c4d5d659a685710ffa63659"
+                                      }
+                                  ]
+                              }
+                          }
+                      ]
+                  },
+                  "vendor_name": "Linux"
+              }
+          ]
+      }
+  },
+  "credit": [
+    {
+        "lang": "eng",
+        "value": "Bing-Jhong Billy Jheng <billy@starlabs.sg>"
+    }
+],
+  "data_format": "MITRE",
+  "data_type": "CVE",
+  "data_version": "4.0",
  "description": {
      "description_data": [
          {
              "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+              "value": "There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659"
+          }
+      ]
+  },
+  "generator": {
+      "engine": "Vulnogram 0.0.9"
+  },
+  "impact": {
+    "cvss": {
+        "attackComplexity": "LOW",
+        "attackVector": "LOCAL",
+        "availabilityImpact": "HIGH",
+        "baseScore": 7.8,
+        "baseSeverity": "HIGH",
+        "confidentialityImpact": "HIGH",
+        "integrityImpact": "HIGH",
+        "privilegesRequired": "LOW",
+        "scope": "UNCHANGED",
+        "userInteraction": "NONE",
+        "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+        "version": "3.1"
+    }
+},
+  "problemtype": {
+      "problemtype_data": [
+          {
+              "description": [
+                  {
+                      "lang": "eng",
+                      "value": "CWE-416 Use After Free"
                  }
              ]
          }
+      ]
+  },
+  "references": {
+      "reference_data": [
+          {
+              "refsource": "CONFIRM",
+              "url": "https://kernel.dance/#fc78b2fc21f10c4c9c4d5d659a685710ffa63659"
+          },
+          {
+              "refsource": "CONFIRM",
+              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit?h=linux-5.4.y&id=fc78b2fc21f10c4c9c4d5d659a685710ffa63659"
+          }
+      ]
+  },
+  "source": {
+      "discovery": "EXTERNAL"
+  }
 }