How severe is CVE-2022-4696?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2022-4696?

This is classified as CWE-763, which is a common weakness in software security.

CVE-2022-4696 - HIGH Severity | CVSS 7.8

Vulnerability Description

There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above

Related Vulnerabilities

CVE-2013-4695

HIGH

CVSS:7.8(High)

Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution

CWE-7632013

CVE-2017-0731

HIGH

CVSS:7.8(High)

A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363.

CWE-7632017

CVE-2017-18075

HIGH

CVSS:7.8(High)

crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_C...

CWE-7632017

CVE-2018-9557

HIGH

CVSS:7.8(High)

In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileg...

CWE-7632018

CVE-2019-18619

HIGH

CVSS:7.8(High)

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (t...

CWE-7632019

CVE-2019-19820

HIGH

CVSS:7.8(High)

An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution ...

CWE-7632019