CVE-2022-2602: Linux kernel local privilege escalation vulnerabilty

Security researcher Thadeu Lima de Souza Cascardo has discovered a new privilege escalation vulnerability in the Linux kernel that could allow a local attacker to execute code on the affected systems with elevated privileges. Also, Cascardo will release the PoC on October 25th.

An independent security researcher working with Trend Micro Zeroday Initiative discovered that the Linux kernel vulnerability tracked as CVE-2022-2602 exists in the Unix garbage collection and io_uring.

“The vulnerability is a use-after-free that happens when an io_uring request is being processed on a registered file and the Unix GC runs and frees the io_uring fd and all the registered fds. The order at which the Unix GC processes the inflight fds may lead to registered fds be freed before the io_uring is released and has the chance to unregister and wait for such requests to finish.”

CVE-2022-2602 affects Linux kernel upstream stable 5.4.y, 5.15.y, and later versions. 5.10.y.

How to trigger this race condition is to use userfaultfd and other similar strategies that cause the request to be held while waiting for the attacker to trigger the free.

Administrators are advised to apply the appropriate updates on their Linux distributions as soon as they receive them from their respective distro. They’re also recommended to allow only trusted users to access local systems and always monitor affected systems.

Update:

The PoC is available here.