[09:30] <SvenKieske> has anybody a status update for https://ubuntu.com/security/CVE-2022-29582 ? there soon will be exploits for local priv escalation available and I would like to have some time to patch before those arrive..
[09:30] <ubottu> In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29582>
[09:30] <ebarretto> sbeattie, ^
[09:32] <SvenKieske> and how on earth is that a "medium" CVE? but why do I even ask that..
[11:21] <mdeslaur> SvenKieske: I don't have info on the status of it, but I do agree it should be high so I changed it
[12:10] <SvenKieske> mdeslaur: thanks! much appricated!
[12:38] <mdeslaur> SvenKieske: the kernel team is looking into it and will update the tracker
[13:53] <SvenKieske> mdeslaur: very kind of you :)