Use After Free Vulnerability in lio_listio System Call
CVE-2022-23090

Currently unrated

Key Information:

Vendor

FreeBSD

Status
FreeBSD
Vendor
CVE Published:
15 February 2024

What is CVE-2022-23090?

The aio_aqueue function, associated with the lio_listio system call in FreeBSD, has a significant flaw wherein it fails to release a reference to credentials during error conditions. This oversight can allow an attacker to manipulate the reference count, potentially leading to a use-after-free condition. Such vulnerabilities can have profound implications, potentially enabling unauthorized access, data manipulation or system instability. It's essential for users of the affected FreeBSD versions to review security advisories and implement the recommended mitigations promptly.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FreeBSD 13.1-RELEASE

FreeBSD 13.0-RELEASE

FreeBSD 12.3-RELEASE

References

https://security.freebsd.org/advisories/FreeBSD-SA-22:10....
vendor-advisory
https://security.netapp.com/advisory/ntap-20240415-0007/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Chris J-D <chris@accessvector.net>
JSON
.