QwikSec

Security Database

CVE

CWE

Training

CVE-2022-1998

Published: Jun 9, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

Vendor	Product	Versions
n/a	Kernel	affected `Linux kernel 5.17-rc3`

Weaknesses (CWE)

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/notify/fanotify/fanotify_user.c?h=v5.17&id=ee12595147ac1fbfb5bcb23837e26dd58d94b15d

x_refsource_MISC

https://seclists.org/oss-sec/2022/q1/99

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20220707-0009/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.