CVE-2022-2961

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Weakness

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory “belongs” to the code that operates on the new pointer.

Affected Software

Name	Vendor	Start Version	End Version
Linux_kernel	Linux	*	6.0 (excluding)
Linux_kernel	Linux	6.0-rc1 (including)	6.0-rc1 (including)
Linux	Ubuntu	bionic	*
Linux	Ubuntu	focal	*
Linux	Ubuntu	kinetic	*
Linux	Ubuntu	lunar	*
Linux	Ubuntu	mantic	*
Linux	Ubuntu	oracular	*
Linux	Ubuntu	plucky	*
Linux	Ubuntu	trusty	*
Linux	Ubuntu	trusty/esm	*
Linux	Ubuntu	xenial	*
Linux-allwinner	Ubuntu	kinetic	*
Linux-allwinner	Ubuntu	lunar	*
Linux-allwinner	Ubuntu	upstream	*
Linux-allwinner-5.19	Ubuntu	jammy	*
Linux-allwinner-5.19	Ubuntu	upstream	*
Linux-aws	Ubuntu	bionic	*
Linux-aws	Ubuntu	esm-infra-legacy/trusty	*
Linux-aws	Ubuntu	esm-infra/bionic	*
Linux-aws	Ubuntu	esm-infra/focal	*
Linux-aws	Ubuntu	esm-infra/xenial	*
Linux-aws	Ubuntu	focal	*
Linux-aws	Ubuntu	kinetic	*
Linux-aws	Ubuntu	lunar	*
Linux-aws	Ubuntu	mantic	*
Linux-aws	Ubuntu	oracular	*
Linux-aws	Ubuntu	plucky	*
Linux-aws	Ubuntu	trusty	*
Linux-aws	Ubuntu	trusty/esm	*
Linux-aws	Ubuntu	xenial	*
Linux-aws-5.0	Ubuntu	bionic	*
Linux-aws-5.0	Ubuntu	esm-infra/bionic	*
Linux-aws-5.0	Ubuntu	upstream	*
Linux-aws-5.11	Ubuntu	esm-infra/focal	*
Linux-aws-5.11	Ubuntu	focal	*
Linux-aws-5.11	Ubuntu	upstream	*
Linux-aws-5.13	Ubuntu	esm-infra/focal	*
Linux-aws-5.13	Ubuntu	focal	*
Linux-aws-5.13	Ubuntu	upstream	*
Linux-aws-5.15	Ubuntu	esm-infra/focal	*
Linux-aws-5.15	Ubuntu	focal	*
Linux-aws-5.19	Ubuntu	jammy	*
Linux-aws-5.19	Ubuntu	upstream	*
Linux-aws-5.3	Ubuntu	bionic	*
Linux-aws-5.3	Ubuntu	esm-infra/bionic	*
Linux-aws-5.3	Ubuntu	upstream	*
Linux-aws-5.4	Ubuntu	bionic	*
Linux-aws-5.4	Ubuntu	esm-infra/bionic	*
Linux-aws-5.8	Ubuntu	esm-infra/focal	*
Linux-aws-5.8	Ubuntu	focal	*
Linux-aws-5.8	Ubuntu	upstream	*
Linux-aws-6.2	Ubuntu	jammy	*
Linux-aws-6.2	Ubuntu	upstream	*
Linux-aws-6.5	Ubuntu	jammy	*
Linux-aws-6.5	Ubuntu	upstream	*
Linux-aws-fips	Ubuntu	fips-updates/bionic	*
Linux-aws-fips	Ubuntu	fips/bionic	*
Linux-aws-hwe	Ubuntu	esm-infra/xenial	*
Linux-aws-hwe	Ubuntu	xenial	*
Linux-azure	Ubuntu	bionic	*
Linux-azure	Ubuntu	esm-infra-legacy/trusty	*
Linux-azure	Ubuntu	esm-infra/bionic	*
Linux-azure	Ubuntu	esm-infra/focal	*
Linux-azure	Ubuntu	esm-infra/xenial	*
Linux-azure	Ubuntu	focal	*
Linux-azure	Ubuntu	kinetic	*
Linux-azure	Ubuntu	lunar	*
Linux-azure	Ubuntu	mantic	*
Linux-azure	Ubuntu	oracular	*
Linux-azure	Ubuntu	plucky	*
Linux-azure	Ubuntu	trusty	*
Linux-azure	Ubuntu	trusty/esm	*
Linux-azure	Ubuntu	xenial	*
Linux-azure-4.15	Ubuntu	bionic	*
Linux-azure-4.15	Ubuntu	esm-infra/bionic	*
Linux-azure-5.11	Ubuntu	esm-infra/focal	*
Linux-azure-5.11	Ubuntu	focal	*
Linux-azure-5.11	Ubuntu	upstream	*
Linux-azure-5.13	Ubuntu	esm-infra/focal	*
Linux-azure-5.13	Ubuntu	focal	*
Linux-azure-5.13	Ubuntu	upstream	*
Linux-azure-5.15	Ubuntu	esm-infra/focal	*
Linux-azure-5.15	Ubuntu	focal	*
Linux-azure-5.19	Ubuntu	jammy	*
Linux-azure-5.19	Ubuntu	upstream	*
Linux-azure-5.3	Ubuntu	bionic	*
Linux-azure-5.3	Ubuntu	esm-infra/bionic	*
Linux-azure-5.3	Ubuntu	upstream	*
Linux-azure-5.4	Ubuntu	bionic	*
Linux-azure-5.4	Ubuntu	esm-infra/bionic	*
Linux-azure-5.8	Ubuntu	esm-infra/focal	*
Linux-azure-5.8	Ubuntu	focal	*
Linux-azure-5.8	Ubuntu	upstream	*
Linux-azure-6.11	Ubuntu	noble	*
Linux-azure-6.2	Ubuntu	jammy	*
Linux-azure-6.2	Ubuntu	upstream	*
Linux-azure-6.5	Ubuntu	jammy	*
Linux-azure-6.5	Ubuntu	upstream	*
Linux-azure-edge	Ubuntu	bionic	*
Linux-azure-edge	Ubuntu	esm-infra/bionic	*
Linux-azure-edge	Ubuntu	upstream	*
Linux-azure-fde	Ubuntu	esm-infra/focal	*
Linux-azure-fde	Ubuntu	focal	*
Linux-azure-fde	Ubuntu	plucky	*
Linux-azure-fde-5.15	Ubuntu	esm-infra/focal	*
Linux-azure-fde-5.15	Ubuntu	focal	*
Linux-azure-fde-5.19	Ubuntu	jammy	*
Linux-azure-fde-5.19	Ubuntu	upstream	*
Linux-azure-fde-6.2	Ubuntu	jammy	*
Linux-azure-fde-6.2	Ubuntu	upstream	*
Linux-azure-fips	Ubuntu	fips-updates/bionic	*
Linux-azure-fips	Ubuntu	fips/bionic	*
Linux-bluefield	Ubuntu	esm-infra/focal	*
Linux-bluefield	Ubuntu	focal	*
Linux-dell300x	Ubuntu	bionic	*
Linux-dell300x	Ubuntu	upstream	*
Linux-fips	Ubuntu	fips-updates/bionic	*
Linux-fips	Ubuntu	fips-updates/xenial	*
Linux-fips	Ubuntu	fips/bionic	*
Linux-fips	Ubuntu	fips/xenial	*
Linux-gcp	Ubuntu	bionic	*
Linux-gcp	Ubuntu	esm-infra/bionic	*
Linux-gcp	Ubuntu	esm-infra/focal	*
Linux-gcp	Ubuntu	esm-infra/xenial	*
Linux-gcp	Ubuntu	focal	*
Linux-gcp	Ubuntu	kinetic	*
Linux-gcp	Ubuntu	lunar	*
Linux-gcp	Ubuntu	mantic	*
Linux-gcp	Ubuntu	oracular	*
Linux-gcp	Ubuntu	plucky	*
Linux-gcp	Ubuntu	xenial	*
Linux-gcp-4.15	Ubuntu	bionic	*
Linux-gcp-4.15	Ubuntu	esm-infra/bionic	*
Linux-gcp-5.11	Ubuntu	esm-infra/focal	*
Linux-gcp-5.11	Ubuntu	focal	*
Linux-gcp-5.11	Ubuntu	upstream	*
Linux-gcp-5.13	Ubuntu	esm-infra/focal	*
Linux-gcp-5.13	Ubuntu	focal	*
Linux-gcp-5.13	Ubuntu	upstream	*
Linux-gcp-5.15	Ubuntu	esm-infra/focal	*
Linux-gcp-5.15	Ubuntu	focal	*
Linux-gcp-5.19	Ubuntu	jammy	*
Linux-gcp-5.19	Ubuntu	upstream	*
Linux-gcp-5.3	Ubuntu	bionic	*
Linux-gcp-5.3	Ubuntu	esm-infra/bionic	*
Linux-gcp-5.3	Ubuntu	upstream	*
Linux-gcp-5.4	Ubuntu	bionic	*
Linux-gcp-5.4	Ubuntu	esm-infra/bionic	*
Linux-gcp-5.8	Ubuntu	esm-infra/focal	*
Linux-gcp-5.8	Ubuntu	focal	*
Linux-gcp-5.8	Ubuntu	upstream	*
Linux-gcp-6.11	Ubuntu	noble	*
Linux-gcp-6.2	Ubuntu	jammy	*
Linux-gcp-6.2	Ubuntu	upstream	*
Linux-gcp-6.5	Ubuntu	jammy	*
Linux-gcp-6.5	Ubuntu	upstream	*
Linux-gcp-fips	Ubuntu	fips-updates/bionic	*
Linux-gcp-fips	Ubuntu	fips/bionic	*
Linux-gke	Ubuntu	esm-infra/focal	*
Linux-gke	Ubuntu	focal	*
Linux-gke	Ubuntu	xenial	*
Linux-gke-4.15	Ubuntu	bionic	*
Linux-gke-4.15	Ubuntu	esm-infra/bionic	*
Linux-gke-4.15	Ubuntu	upstream	*
Linux-gke-5.0	Ubuntu	bionic	*
Linux-gke-5.0	Ubuntu	upstream	*
Linux-gke-5.15	Ubuntu	esm-infra/focal	*
Linux-gke-5.15	Ubuntu	focal	*
Linux-gke-5.15	Ubuntu	upstream	*
Linux-gke-5.3	Ubuntu	bionic	*
Linux-gke-5.3	Ubuntu	upstream	*
Linux-gke-5.4	Ubuntu	bionic	*
Linux-gke-5.4	Ubuntu	esm-infra/bionic	*
Linux-gke-5.4	Ubuntu	upstream	*
Linux-gkeop	Ubuntu	esm-infra/focal	*
Linux-gkeop	Ubuntu	focal	*
Linux-gkeop-5.15	Ubuntu	esm-infra/focal	*
Linux-gkeop-5.15	Ubuntu	focal	*
Linux-gkeop-5.4	Ubuntu	bionic	*
Linux-gkeop-5.4	Ubuntu	esm-infra/bionic	*
Linux-gkeop-5.4	Ubuntu	upstream	*
Linux-hwe	Ubuntu	bionic	*
Linux-hwe	Ubuntu	esm-infra/bionic	*
Linux-hwe	Ubuntu	esm-infra/xenial	*
Linux-hwe	Ubuntu	xenial	*
Linux-hwe-5.11	Ubuntu	esm-infra/focal	*
Linux-hwe-5.11	Ubuntu	focal	*
Linux-hwe-5.11	Ubuntu	upstream	*
Linux-hwe-5.13	Ubuntu	esm-infra/focal	*
Linux-hwe-5.13	Ubuntu	focal	*
Linux-hwe-5.13	Ubuntu	upstream	*
Linux-hwe-5.15	Ubuntu	esm-infra/focal	*
Linux-hwe-5.15	Ubuntu	focal	*
Linux-hwe-5.19	Ubuntu	jammy	*
Linux-hwe-5.19	Ubuntu	upstream	*
Linux-hwe-5.4	Ubuntu	bionic	*
Linux-hwe-5.4	Ubuntu	esm-infra/bionic	*
Linux-hwe-5.8	Ubuntu	esm-infra/focal	*
Linux-hwe-5.8	Ubuntu	focal	*
Linux-hwe-5.8	Ubuntu	upstream	*
Linux-hwe-6.2	Ubuntu	jammy	*
Linux-hwe-6.2	Ubuntu	upstream	*
Linux-hwe-edge	Ubuntu	bionic	*
Linux-hwe-edge	Ubuntu	esm-infra/bionic	*
Linux-hwe-edge	Ubuntu	esm-infra/xenial	*
Linux-hwe-edge	Ubuntu	upstream	*
Linux-hwe-edge	Ubuntu	xenial	*
Linux-ibm	Ubuntu	esm-infra/focal	*
Linux-ibm	Ubuntu	focal	*
Linux-ibm	Ubuntu	kinetic	*
Linux-ibm	Ubuntu	lunar	*
Linux-ibm	Ubuntu	mantic	*
Linux-ibm-5.15	Ubuntu	esm-infra/focal	*
Linux-ibm-5.15	Ubuntu	focal	*
Linux-ibm-5.4	Ubuntu	bionic	*
Linux-ibm-5.4	Ubuntu	esm-infra/bionic	*
Linux-intel-5.13	Ubuntu	esm-infra/focal	*
Linux-intel-5.13	Ubuntu	focal	*
Linux-intel-5.13	Ubuntu	upstream	*
Linux-intel-iot-realtime	Ubuntu	jammy	*
Linux-intel-iotg-5.15	Ubuntu	esm-infra/focal	*
Linux-intel-iotg-5.15	Ubuntu	focal	*
Linux-iot	Ubuntu	focal	*
Linux-kvm	Ubuntu	bionic	*
Linux-kvm	Ubuntu	esm-infra/bionic	*
Linux-kvm	Ubuntu	esm-infra/focal	*
Linux-kvm	Ubuntu	esm-infra/xenial	*
Linux-kvm	Ubuntu	focal	*
Linux-kvm	Ubuntu	kinetic	*
Linux-kvm	Ubuntu	lunar	*
Linux-kvm	Ubuntu	xenial	*
Linux-laptop	Ubuntu	mantic	*
Linux-lowlatency	Ubuntu	kinetic	*
Linux-lowlatency	Ubuntu	lunar	*
Linux-lowlatency	Ubuntu	mantic	*
Linux-lowlatency	Ubuntu	oracular	*
Linux-lowlatency-hwe-5.15	Ubuntu	esm-infra/focal	*
Linux-lowlatency-hwe-5.15	Ubuntu	focal	*
Linux-lowlatency-hwe-5.19	Ubuntu	jammy	*
Linux-lowlatency-hwe-5.19	Ubuntu	upstream	*
Linux-lowlatency-hwe-6.11	Ubuntu	noble	*
Linux-lowlatency-hwe-6.2	Ubuntu	jammy	*
Linux-lowlatency-hwe-6.2	Ubuntu	upstream	*
Linux-lowlatency-hwe-6.5	Ubuntu	jammy	*
Linux-lts-xenial	Ubuntu	esm-infra-legacy/trusty	*
Linux-lts-xenial	Ubuntu	trusty	*
Linux-lts-xenial	Ubuntu	trusty/esm	*
Linux-nvidia-6.11	Ubuntu	noble	*
Linux-nvidia-6.2	Ubuntu	jammy	*
Linux-nvidia-6.2	Ubuntu	upstream	*
Linux-nvidia-tegra-5.15	Ubuntu	esm-infra/focal	*
Linux-nvidia-tegra-5.15	Ubuntu	focal	*
Linux-oem	Ubuntu	bionic	*
Linux-oem	Ubuntu	esm-infra/bionic	*
Linux-oem	Ubuntu	upstream	*
Linux-oem	Ubuntu	xenial	*
Linux-oem-5.10	Ubuntu	esm-infra/focal	*
Linux-oem-5.10	Ubuntu	focal	*
Linux-oem-5.10	Ubuntu	upstream	*
Linux-oem-5.13	Ubuntu	esm-infra/focal	*
Linux-oem-5.13	Ubuntu	focal	*
Linux-oem-5.13	Ubuntu	upstream	*
Linux-oem-5.14	Ubuntu	esm-infra/focal	*
Linux-oem-5.14	Ubuntu	focal	*
Linux-oem-5.14	Ubuntu	upstream	*
Linux-oem-5.17	Ubuntu	jammy	*
Linux-oem-5.17	Ubuntu	kinetic	*
Linux-oem-5.17	Ubuntu	upstream	*
Linux-oem-5.6	Ubuntu	esm-infra/focal	*
Linux-oem-5.6	Ubuntu	focal	*
Linux-oem-5.6	Ubuntu	upstream	*
Linux-oem-6.0	Ubuntu	jammy	*
Linux-oem-6.0	Ubuntu	upstream	*
Linux-oem-6.1	Ubuntu	jammy	*
Linux-oem-6.1	Ubuntu	upstream	*
Linux-oem-6.5	Ubuntu	jammy	*
Linux-oem-6.5	Ubuntu	upstream	*
Linux-oem-osp1	Ubuntu	bionic	*
Linux-oem-osp1	Ubuntu	upstream	*
Linux-oracle	Ubuntu	bionic	*
Linux-oracle	Ubuntu	esm-infra/bionic	*
Linux-oracle	Ubuntu	esm-infra/focal	*
Linux-oracle	Ubuntu	esm-infra/xenial	*
Linux-oracle	Ubuntu	focal	*
Linux-oracle	Ubuntu	kinetic	*
Linux-oracle	Ubuntu	lunar	*
Linux-oracle	Ubuntu	mantic	*
Linux-oracle	Ubuntu	oracular	*
Linux-oracle	Ubuntu	plucky	*
Linux-oracle	Ubuntu	xenial	*
Linux-oracle-5.0	Ubuntu	bionic	*
Linux-oracle-5.0	Ubuntu	esm-infra/bionic	*
Linux-oracle-5.0	Ubuntu	upstream	*
Linux-oracle-5.11	Ubuntu	esm-infra/focal	*
Linux-oracle-5.11	Ubuntu	focal	*
Linux-oracle-5.11	Ubuntu	upstream	*
Linux-oracle-5.13	Ubuntu	esm-infra/focal	*
Linux-oracle-5.13	Ubuntu	focal	*
Linux-oracle-5.13	Ubuntu	upstream	*
Linux-oracle-5.15	Ubuntu	esm-infra/focal	*
Linux-oracle-5.15	Ubuntu	focal	*
Linux-oracle-5.3	Ubuntu	bionic	*
Linux-oracle-5.3	Ubuntu	esm-infra/bionic	*
Linux-oracle-5.3	Ubuntu	upstream	*
Linux-oracle-5.4	Ubuntu	bionic	*
Linux-oracle-5.4	Ubuntu	esm-infra/bionic	*
Linux-oracle-5.8	Ubuntu	esm-infra/focal	*
Linux-oracle-5.8	Ubuntu	focal	*
Linux-oracle-5.8	Ubuntu	upstream	*
Linux-oracle-6.14	Ubuntu	noble	*
Linux-oracle-6.5	Ubuntu	jammy	*
Linux-oracle-6.5	Ubuntu	upstream	*
Linux-raspi	Ubuntu	esm-infra/focal	*
Linux-raspi	Ubuntu	focal	*
Linux-raspi	Ubuntu	kinetic	*
Linux-raspi	Ubuntu	lunar	*
Linux-raspi	Ubuntu	mantic	*
Linux-raspi	Ubuntu	oracular	*
Linux-raspi	Ubuntu	plucky	*
Linux-raspi-5.4	Ubuntu	bionic	*
Linux-raspi-5.4	Ubuntu	esm-infra/bionic	*
Linux-raspi-realtime	Ubuntu	noble	*
Linux-raspi2	Ubuntu	bionic	*
Linux-raspi2	Ubuntu	esm-infra/focal	*
Linux-raspi2	Ubuntu	focal	*
Linux-raspi2	Ubuntu	upstream	*
Linux-raspi2	Ubuntu	xenial	*
Linux-raspi2-5.3	Ubuntu	bionic	*
Linux-raspi2-5.3	Ubuntu	upstream	*
Linux-realtime	Ubuntu	jammy	*
Linux-realtime	Ubuntu	noble	*
Linux-realtime	Ubuntu	oracular	*
Linux-realtime	Ubuntu	plucky	*
Linux-realtime-6.14	Ubuntu	realtime/noble	*
Linux-riscv	Ubuntu	esm-infra/focal	*
Linux-riscv	Ubuntu	focal	*
Linux-riscv	Ubuntu	jammy	*
Linux-riscv	Ubuntu	kinetic	*
Linux-riscv	Ubuntu	lunar	*
Linux-riscv	Ubuntu	mantic	*
Linux-riscv	Ubuntu	noble	*
Linux-riscv	Ubuntu	oracular	*
Linux-riscv	Ubuntu	plucky	*
Linux-riscv-5.11	Ubuntu	esm-infra/focal	*
Linux-riscv-5.11	Ubuntu	focal	*
Linux-riscv-5.11	Ubuntu	upstream	*
Linux-riscv-5.15	Ubuntu	focal	*
Linux-riscv-5.19	Ubuntu	jammy	*
Linux-riscv-5.19	Ubuntu	upstream	*
Linux-riscv-5.8	Ubuntu	esm-infra/focal	*
Linux-riscv-5.8	Ubuntu	focal	*
Linux-riscv-5.8	Ubuntu	upstream	*
Linux-riscv-6.14	Ubuntu	noble	*
Linux-riscv-6.5	Ubuntu	jammy	*
Linux-riscv-6.5	Ubuntu	upstream	*
Linux-snapdragon	Ubuntu	bionic	*
Linux-snapdragon	Ubuntu	upstream	*
Linux-snapdragon	Ubuntu	xenial	*
Linux-starfive	Ubuntu	kinetic	*
Linux-starfive	Ubuntu	lunar	*
Linux-starfive	Ubuntu	mantic	*
Linux-starfive-5.19	Ubuntu	jammy	*
Linux-starfive-5.19	Ubuntu	upstream	*
Linux-starfive-6.2	Ubuntu	jammy	*
Linux-starfive-6.2	Ubuntu	upstream	*
Linux-starfive-6.5	Ubuntu	jammy	*
Linux-starfive-6.5	Ubuntu	upstream	*
Linux-xilinx	Ubuntu	plucky	*
Linux-xilinx-zynqmp	Ubuntu	focal	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-2961
CWE	https://cwe.mitre.org/data/definitions/416.html

Use After Free

Weakness

Affected Software

Potential Mitigations

References