ASB-A-231494876
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-231494876.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-231494876
- Aliases
-
- A-231494876
- CVE-2022-29582
- Published
- 2022-09-01T00:00:00Z
- Modified
- 2025-11-21T16:23:56.435667Z
- Summary
- [none]
- Details
-
In fs, there is a possible use-after-free due to a race condition in io_uring timeouts. This could lead to local escalation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation
- References
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/kernel/common/+/4b895c556fa46acaa95bf27c95e4f9449ff4d17a"
],
"vanir_signatures": [
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 617.0,
"function_hash": "43074021457514687395697517183641958809"
},
"target": {
"file": "fs/io_uring.c",
"function": "io_flush_timeouts"
},
"source": "https://android.googlesource.com/kernel/common/+/4b895c556fa46acaa95bf27c95e4f9449ff4d17a",
"signature_version": "v1",
"id": "ASB-A-231494876-3c10ab71"
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"166213164905616798442702210715135217555",
"38034881214551463394167694264457392786",
"298542725374194033207080765061799153352",
"284689179035732435108245531252381961948",
"286787944774332086122372438930331685845",
"326686575877694277524474573323978279554",
"306345494754606848400784569904314576684",
"211432475309786876401950240481754390093",
"104285536753074518661356789773234767091",
"36068795037626440509808809136235567104",
"9373411352586735479019573266403788983",
"114763145292153712131505117664994001068",
"32125398790148285527765954021142472167",
"76613512002614825014852177185782788614",
"330526412364070490882544705275012451583",
"136742949318375340781908705800389189714",
"109622292302761488033628072790733865073",
"200137944223419748202476380241281925103",
"20400196363749282624638362549130139128",
"2877787691440934636922516567433787222",
"166531141786651239751160552142163579673",
"214967927159089070819298592580579027972",
"316072444620923174271744297855646342359",
"266309978127272310547281358981072485831",
"29666768274152184127590583953305652942",
"305116825448308969505468737967983900159",
"139631206780381122850498719802233854674",
"172401547407543424648223052855122691790"
],
"threshold": 0.9
},
"target": {
"file": "fs/io_uring.c"
},
"source": "https://android.googlesource.com/kernel/common/+/4b895c556fa46acaa95bf27c95e4f9449ff4d17a",
"signature_version": "v1",
"id": "ASB-A-231494876-72f1a540"
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 882.0,
"function_hash": "34908908615115264513526277678453656086"
},
"target": {
"file": "fs/io_uring.c",
"function": "io_timeout_prep"
},
"source": "https://android.googlesource.com/kernel/common/+/4b895c556fa46acaa95bf27c95e4f9449ff4d17a",
"signature_version": "v1",
"id": "ASB-A-231494876-aea939c2"
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 703.0,
"function_hash": "250832103600064856629235858201995071592"
},
"target": {
"file": "fs/io_uring.c",
"function": "io_link_timeout_fn"
},
"source": "https://android.googlesource.com/kernel/common/+/4b895c556fa46acaa95bf27c95e4f9449ff4d17a",
"signature_version": "v1",
"id": "ASB-A-231494876-d5578fe6"
}
],
"types": [
"EoP"
],
"spl": "2022-09-05",
"severity": "High"
}