CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-23090

The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. An attacker may cause the reference count to overflow, leading to a use after free (UAF).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.0%

CVSS Severity

CVSS v3 Score 7.7

References

https://security.freebsd.org/advisories/FreeBSD-SA-22:10.aio.asc
https://security.netapp.com/advisory/ntap-20240415-0007/
https://security.freebsd.org/advisories/FreeBSD-SA-22:10.aio.asc
https://security.netapp.com/advisory/ntap-20240415-0007/

Products affected by CVE-2022-23090

Freebsd » Freebsd » Version: 12.3

cpe:2.3:o:freebsd:freebsd:12.3
Freebsd » Freebsd » Version: 13.0

cpe:2.3:o:freebsd:freebsd:13.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-23090

Products

Pricing

Contact Us