| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.1 | $0-$5k | 1.91 |
Summary
A vulnerability classified as critical has been found in Linux Kernel. This impacts the function io_uring. The manipulation leads to double free.
This vulnerability is uniquely identified as CVE-2022-2327. The attack is possible to be carried out remotely. No exploit exists.
Applying a patch is the recommended action to fix this issue.
Details
A vulnerability was found in Linux Kernel (Operating System) (version now known) and classified as critical. This issue affects the function io_uring. The manipulation with an unknown input leads to a double free vulnerability. Using CWE to declare the problem leads to CWE-415. The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859
The weakness was disclosed 07/22/2022. The advisory is shared at git.kernel.org. The identification of this vulnerability is CVE-2022-2327 since 07/06/2022. Technical details are known, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 239850 (TencentOS Server 4: kernel (TSSA-2024:0980)), which helps to determine the existence of the flaw in a target environment.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.kernel.org.
The vulnerability is also documented in the databases at Tenable (239850) and EUVD (EUVD-2022-34596). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.2VulDB Meta Temp Score: 7.1
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.8
NVD Vector: 🔍
CNA Base Score: 7.5
CNA Vector (Google Inc.): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Double freeCWE: CWE-415 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 239850
Nessus Name: TencentOS Server 4: kernel (TSSA-2024:0980)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: git.kernel.org
Timeline
07/06/2022 🔍07/22/2022 🔍
07/22/2022 🔍
05/25/2026 🔍
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2022-2327 (🔍)
GCVE (CVE): GCVE-0-2022-2327
GCVE (VulDB): GCVE-100-204917
EUVD: 🔍
Entry
Created: 07/22/2022 14:35Updated: 05/25/2026 14:56
Changes: 07/22/2022 14:35 (41), 08/20/2022 12:20 (21), 06/19/2025 19:41 (16), 05/25/2026 14:56 (1)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.

No comments yet. Languages: en.
Please log in to comment.