{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-2585", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2022-07-29T21:59:31.316Z", "datePublished": "2024-01-08T17:38:27.327Z", "dateUpdated": "2024-09-04T19:03:25.626Z"}, "containers": {"cna": {"affected": [{"packageName": "linux", "product": "linux", "vendor": "The Linux Kernel Organization", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git", "platforms": ["Linux"], "versions": [{"lessThan": "6.0~rc1", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE"}]}], "references": [{"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5566-1"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5564-1"}, {"tags": ["issue-tracking"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5567-1"}, {"tags": ["issue-tracking"], "url": "https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u"}, {"tags": ["issue-tracking"], "url": "https://www.openwall.com/lists/oss-security/2022/08/09/7"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5565-1"}], "credits": [{"lang": "en", "type": "finder", "value": "An independent security researcher working with SSD Secure Disclosure"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2024-01-08T17:38:27.327Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:08.282Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5566-1"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5564-1"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5567-1"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2022/08/09/7"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5565-1"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-02T17:22:39.159224Z", "id": "CVE-2022-2585", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T19:03:25.626Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://ubuntu.com/security/notices/USN-5566-1", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://ubuntu.com/security/notices/USN-5564-1", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://ubuntu.com/security/notices/USN-5567-1", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2022/08/09/7", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://ubuntu.com/security/notices/USN-5565-1", "tags": ["third-party-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:08.282Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-2585", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-02T17:22:39.159224Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T19:03:22.185Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "An independent security researcher working with SSD Secure Disclosure"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git", "vendor": "The Linux Kernel Organization", "product": "linux", "versions": [{"status": "affected", "version": "0", "lessThan": "6.0~rc1", "versionType": "semver"}], "platforms": ["Linux"], "packageName": "linux"}], "references": [{"url": "https://ubuntu.com/security/notices/USN-5566-1", "tags": ["third-party-advisory"]}, {"url": "https://ubuntu.com/security/notices/USN-5564-1", "tags": ["third-party-advisory"]}, {"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585", "tags": ["issue-tracking"]}, {"url": "https://ubuntu.com/security/notices/USN-5567-1", "tags": ["third-party-advisory"]}, {"url": "https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u", "tags": ["issue-tracking"]}, {"url": "https://www.openwall.com/lists/oss-security/2022/08/09/7", "tags": ["issue-tracking"]}, {"url": "https://ubuntu.com/security/notices/USN-5565-1", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416"}]}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2024-01-08T17:38:27.327Z"}}}, "cveMetadata": {"cveId": "CVE-2022-2585", "state": "PUBLISHED", "dateUpdated": "2024-09-04T19:03:25.626Z", "dateReserved": "2022-07-29T21:59:31.316Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2024-01-08T17:38:27.327Z", "assignerShortName": "canonical"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "674AABE4-BC3E-4530-9717-5DFE7AB70A3F", "versionEndExcluding": "5.10.137", "versionStartIncluding": "5.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "51861563-7F40-460F-82CD-2D3FBDAD6618", "versionEndExcluding": "5.15.61", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B42E453-8837-49D0-A5EF-03F818A6DC11", "versionEndExcluding": "5.18.18", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1A2A5A5-4598-4D7E-BA07-4660398D6C8F", "versionEndExcluding": "5.19.2", "versionStartIncluding": "5.19", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*", "matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free."}, {"lang": "es", "value": "Se descubri\u00f3 que al ejecutar desde un subproceso no l\u00edder, los temporizadores de CPU POSIX armados se dejaban en una lista pero se liberaban, lo que generaba un use-after-free."}], "id": "CVE-2022-2585", "lastModified": "2024-08-22T20:28:23.727", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 4.2, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2024-01-08T18:15:44.383", "references": [{"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Patch"], "url": "https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5564-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5565-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5566-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5567-1"}, {"source": "security@ubuntu.com", "tags": ["Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2022/08/09/7"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "security@ubuntu.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:7318", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-70.30.1.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-02T00:00:00Z"}, {"advisory": "RHSA-2022:7319", "cpe": "cpe:/a:redhat:enterprise_linux:9::nfv", "package": "kernel-rt-0:5.14.0-70.30.1.rt21.102.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-02T00:00:00Z"}, {"advisory": "RHSA-2022:7318", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-70.30.1.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-02T00:00:00Z"}, {"advisory": "RHSA-2022:7330", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-02T00:00:00Z"}], "bugzilla": {"description": "kernel: posix cpu timer use-after-free may lead to local privilege escalation", "id": "2114874", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114874"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.", "A use-after-free flaw was found in the Linux kernel\u2019s POSIX CPU timers functionality in the way a user creates and then deletes the timer in the non-leader thread of the program. This flaw allows a local user to crash or potentially escalate their privileges on the system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2022-2585", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2022-08-09T17:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-2585\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2585\nhttps://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u"], "threat_severity": "Important", "upstream_fix": "kernel 6.0 rc1"}