CVE-2022-1011

CVE-2022-1011

Name

CVE-2022-1011

Description

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git/commit/?h=for-next
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BG4J46EMFPDD5QHYXDUI3PJCZQ7HQAZR/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C5AUUDGSDLGYU7SZSK4PFAN22NISQZBT/
MISC	http://packetstormsecurity.com/files/166772/Linux-FUSE-Use-After-Free.html
MISC	https://bugzilla.redhat.com/show_bug.cgi?id=2064855
Mailing List	https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
Third Party Advisory	https://www.debian.org/security/2022/dsa-5173
Third Party Advisory	https://www.oracle.com/security-alerts/cpujul2022.html

Type

URI

MISC

https://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git/commit/?h=for-next

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BG4J46EMFPDD5QHYXDUI3PJCZQ7HQAZR/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C5AUUDGSDLGYU7SZSK4PFAN22NISQZBT/

MISC

http://packetstormsecurity.com/files/166772/Linux-FUSE-Use-After-Free.html

MISC

https://bugzilla.redhat.com/show_bug.cgi?id=2064855