CVE-2022-49056

medium

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring: abort file assignment prior to assigning creds We need to either restore creds properly if we fail on the file assignment, or just do the file assignment first instead. Let's do the latter as it's simpler, should make no difference here for file assignment.

References

https://git.kernel.org/stable/c/701521403cfb228536b3947035c8a6eca40d8e58

https://git.kernel.org/stable/c/262960775e0d2cdf97a3e33993e95e13175df4bb

Details

Source: Mitre, NVD

Published: 2025-02-26

Updated: 2025-02-26

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L