| SvenKieske | has anybody a status update for https://ubuntu.com/security/CVE-2022-29582 ? there soon will be exploits for local priv escalation available and I would like to have some time to patch before those arrive.. | 09:30 |
|---|---|---|
| ubottu | In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29582> | 09:30 |
| ebarretto | sbeattie, ^ | 09:30 |
| SvenKieske | and how on earth is that a "medium" CVE? but why do I even ask that.. | 09:32 |
| mdeslaur | SvenKieske: I don't have info on the status of it, but I do agree it should be high so I changed it | 11:21 |
| SvenKieske | mdeslaur: thanks! much appricated! | 12:10 |
| mdeslaur | SvenKieske: the kernel team is looking into it and will update the tracker | 12:38 |
| SvenKieske | mdeslaur: very kind of you :) | 13:53 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!