MNBSD-2022-11: aio_aqueue() credential reference leak leading to use-after-free

Severity: Unknown

Affected Package: kernel

Summary: aio_aqueue() credential reference leak leading to use-after-free

Description

The aio_aqueue() function failed to release a credential reference on an error path. Repeatedly triggering the error could overflow the reference count, leading to a use-after-free that a local user might leverage for privilege escalation.

Affected Versions

kernel

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2022-23090

Published: August 09, 2022
Last Modified: August 09, 2022