vulnerability

Debian: CVE-2022-3910: linux -- security update

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:S/C:C/I:C/A:C)	Nov 22, 2022	Jul 30, 2024	Aug 15, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

Nov 22, 2022

Added

Jul 30, 2024

Modified

Aug 15, 2025

Description

Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation.
When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately.

We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679

debian-upgrade-linux

NEW

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.