{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T21:55:41.015","vulnerabilities":[{"cve":{"id":"CVE-2022-4696","sourceIdentifier":"cve-coordination@google.com","published":"2023-01-11T13:15:09.307","lastModified":"2024-11-21T07:35:45.190","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above\n"},{"lang":"es","value":"Existe una vulnerabilidad de use-after-free en el kernel de Linux a través de io_uring y la operación IORING_OP_SPLICE. Si a IORING_OP_SPLICE le falta el indicador IO_WQ_WORK_FILES, que indica que la operación no utilizará current->nsproxy, por lo que su contador de referencia no aumenta. Esta suposición no siempre es cierta, ya que llamar a io_splice en archivos específicos llamará a la función get_uts, que utilizará current->nsproxy, lo que provocará una disminución no válida de su contador de referencia y luego provocará la vulnerabilidad de use-after-free. Recomendamos actualizar a la versión 5.10.160 o superior"}],"metrics":{"cvssMetricV31":[{"source":"cve-coordination@google.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"cve-coordination@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-763"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.12","matchCriteriaId":"8919F320-7EC7-47EF-AFA9-126CDF30AB7B"}]}]}],"references":[{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=75454b4bbfc7e6a4dd8338556f36ea9107ddf61a","source":"cve-coordination@google.com","tags":["Mailing List","Patch","Vendor Advisory"]},{"url":"https://kernel.dance/#75454b4bbfc7e6a4dd8338556f36ea9107ddf61a","source":"cve-coordination@google.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=75454b4bbfc7e6a4dd8338556f36ea9107ddf61a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Vendor Advisory"]},{"url":"https://kernel.dance/#75454b4bbfc7e6a4dd8338556f36ea9107ddf61a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20230223-0003/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}