FKIE_CVE-2022-23090

Vulnerability from fkie_nvd - Published: 2024-02-15 06:15 - Updated: 2025-06-04 21:59
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. An attacker may cause the reference count to overflow, leading to a use after free (UAF).
References
secteam@freebsd.orghttps://security.freebsd.org/advisories/FreeBSD-SA-22:10.aio.ascVendor Advisory
secteam@freebsd.orghttps://security.netapp.com/advisory/ntap-20240415-0007/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.freebsd.org/advisories/FreeBSD-SA-22:10.aio.ascVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20240415-0007/Third Party Advisory
Impacted products
Vendor Product Version
freebsd freebsd 12.3
freebsd freebsd 12.3
freebsd freebsd 12.3
freebsd freebsd 12.3
freebsd freebsd 12.3
freebsd freebsd 12.3
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
freebsd freebsd 13.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E231B24D-5CA9-4107-A819-57EE116AD644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "3B6DCD8A-331E-419F-9253-C4D35C1DF54B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4578E06C-16C6-435E-9E51-91CB02602355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p3:*:*:*:*:*:*",
              "matchCriteriaId": "71FA1F6C-7E53-40F8-B9E1-5FD28D5DAADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0EC87BCE-17F0-479B-84DC-516C24FBD396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p5:*:*:*:*:*:*",
              "matchCriteriaId": "620C23ED-400C-438C-8427-94437F12EDAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "7412DBD8-BB1F-48A8-AAE1-BA5C8D7BDDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "833DFF5B-BC50-424A-ABCF-EC632F421B76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "9F27016E-4117-4094-BB7A-9C56E38024D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1:*:*:*:*:*:*",
              "matchCriteriaId": "EC7326E3-908D-47A1-B848-3AA7F34B3DD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "B149BF69-951D-47B4-996C-9E4773DA75B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "04A0E266-714C-4753-A652-A51F25582C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p10:*:*:*:*:*:*",
              "matchCriteriaId": "D133E8E0-4E88-451C-9693-5DE5C3092AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p11:*:*:*:*:*:*",
              "matchCriteriaId": "FF1A096F-EC60-4C7D-AE40-D1DDAC9D4E40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p2:*:*:*:*:*:*",
              "matchCriteriaId": "556111A1-C236-4DF6-9438-F9C874451A58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "1673F16B-463A-492C-B66F-48917008F7F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E73B211F-2CA9-47A4-B318-F24CC1C7E589",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p5:*:*:*:*:*:*",
              "matchCriteriaId": "7C13DDEF-FF5F-4723-9C25-4EA66AE2CEDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p6:*:*:*:*:*:*",
              "matchCriteriaId": "7A942EA9-0DD3-44BC-B582-C680BA34E88F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p7:*:*:*:*:*:*",
              "matchCriteriaId": "689BC10B-0404-4468-B604-9D96337F9BD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p8:*:*:*:*:*:*",
              "matchCriteriaId": "38DDAA43-3E9C-479F-8416-E3B9BE23C31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p9:*:*:*:*:*:*",
              "matchCriteriaId": "AE490480-1EA1-4684-A643-9749E87A8448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FC271C93-EB83-4301-B7BA-F3249B71B1EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "04329338-AC28-4A74-BE6B-CE8EC6CC37B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "ADBA841F-5C83-4759-84B7-B59DA1B12EA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "6A8F38B3-A6DA-4178-A2BD-0D4F0267C384",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "9BB028A0-70F6-42DA-9E5A-F7AAF74ED45B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1:*:*:*:*:*:*",
              "matchCriteriaId": "00D28E4E-022B-482E-9952-7F7F47C427C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case.\n\nAn attacker may cause the reference count to overflow, leading to a use after free (UAF)."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n aio_aqueue, utilizada por la llamada al sistema lio_listio, no puede liberar una referencia a una credencial en un caso de error. Un atacante puede provocar que el recuento de referencias se desborde, lo que provocar\u00e1 un use after free (UAF)."
    }
  ],
  "id": "CVE-2022-23090",
  "lastModified": "2025-06-04T21:59:04.990",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.2,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-02-15T06:15:45.103",
  "references": [
    {
      "source": "secteam@freebsd.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:10.aio.asc"
    },
    {
      "source": "secteam@freebsd.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20240415-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:10.aio.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20240415-0007/"
    }
  ],
  "sourceIdentifier": "secteam@freebsd.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.