CVE-2022-29582

7.0 HIGH

📋 TL;DR

CVE-2022-29582 is a use-after-free vulnerability in the Linux kernel's io_uring subsystem caused by a race condition in timeout handling. A local attacker could potentially execute arbitrary code or crash the system, though exploitation is difficult because it depends on winning the race. Systems running Linux kernel versions before 5.17.3 are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: All versions before 5.17.3
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires io_uring subsystem to be enabled (default in most modern kernels). Local user access is required.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to root, arbitrary code execution, or kernel panic leading to denial of service.

🟠 Likely Case

Kernel crash or denial of service due to the difficulty of reliably triggering the race condition.

🟢 If Mitigated

Minimal impact if proper access controls prevent local user execution or if the race condition cannot be triggered.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring user access to the system.
🏢 Internal Only: MEDIUM - Local users could potentially exploit this, but the race condition makes reliable exploitation difficult.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires winning a race condition, making reliable attacks difficult. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.17.3 and later

Vendor Advisory: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.3

Restart Required: Yes

Instructions:

1. Update Linux kernel to version 5.17.3 or later.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable io_uring module

linux

Prevent loading of the vulnerable io_uring kernel module

echo 'blacklist io_uring' >> /etc/modprobe.d/blacklist-io_uring.conf
update-initramfs -u
reboot

Restrict local user access

all

Limit which users can execute programs on the system

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized local user execution
  • Monitor system logs for kernel panic or crash events related to io_uring

🔍 How to Verify

Check if Vulnerable:

Check kernel version with 'uname -r' and compare to 5.17.3. Versions below 5.17.3 are vulnerable.

Check Version:

uname -r

Verify Fix Applied:

After patching, verify kernel version is 5.17.3 or higher with 'uname -r'
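
The comparison against 5.17.3 has to be numeric per field, because a plain string comparison sorts "5.4" after "5.17" and "5.17.10" before "5.17.3". The script below is an added example, not part of the original advisory or any vendor tooling; the function names and sample release strings are constructed for illustration. Distribution kernels can carry backported fixes under an older version number, so treat an "older" verdict as a prompt to check the vendor's advisory.

```shell
#!/bin/sh
# Added example: compare a kernel release string against the fixed
# version named on this page (5.17.3). Function names are illustrative.
FIXED="5.17.3"

# Print "major minor patch" for a release such as 5.15.0-91-generic.
# Everything from the first character that is not a digit or dot is
# dropped; missing fields count as 0.
kver_triplet() (
    v=${1%%[!0-9.]*}
    IFS=.
    set -- $v
    printf '%d %d %d\n' "${1:-0}" "${2:-0}" "${3:-0}"
)

# Succeed when release $1 is numerically older than release $2.
# A plain string comparison gets this wrong: "5.4" sorts after "5.17".
kver_lt() (
    set -- $(kver_triplet "$1") $(kver_triplet "$2")
    if   [ "$1" -ne "$4" ]; then [ "$1" -lt "$4" ]
    elif [ "$2" -ne "$5" ]; then [ "$2" -lt "$5" ]
    else [ "$3" -lt "$6" ]
    fi
)

# Print a one-word verdict for a release string.
verdict() {
    if kver_lt "$1" "$FIXED"; then echo "older"; else echo "fixed-or-later"; fi
}

# Constructed sample releases, followed by the running kernel.
for rel in 5.4.0-150-generic 5.17.2 5.17.3 5.17.10 6.1.0-rc2 "$(uname -r)"; do
    printf '%-22s %s\n' "$rel" "$(verdict "$rel")"
done
```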

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • System crash/reboot events
  • io_uring related error messages in dmesg

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "io_uring")
