VDB
CVE-2022-4696
CVE-2022-4696
PUBLISHED
Im Linux-Kernel existiert eine Schwachstelle in [io_uring.c] bezüglich der Operation "IORING_OP_SPLICE". Das "IO_WQ_WORK_FILES" Flag fehlt, was zu einer Use-after-free Situation führen kann. Ein Angreifer kann diese Schwachstelle ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen.
EPSS 0.02% · 5.4th percentile
Risk Scores
EPSS Score
0.02%
5.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Google Android 12L | ||
| Google Android 12 | ||
| Google Android 13 | ||
| Debian | Debian Linux | |
| Google Android 11 |
Exploit Intelligence
Timeline
- Jan 11, 2023 CVE Published
- Jan 12, 2023 EPSS Score
- Feb 22, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 4, 2023 EPSS Score
- May 14, 2023 EPSS Score
- Jun 24, 2023 EPSS Score
- Aug 4, 2023 EPSS Score
- Sep 14, 2023 EPSS Score
- Oct 25, 2023 EPSS Score
- Dec 5, 2023 EPSS Score
- Jan 14, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0081.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0081 advisory
- https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html advisory
- https://github.com/advisories/GHSA-8vjx-3vgx-66mx advisory
- https://lists.debian.org/debian-security-announce/2023/msg00013.html advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0837.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0837 advisory
- https://source.android.com/docs/security/bulletin/2023-04-01 advisory