CVE-2022-4696

Name	CVE-2022-4696
Description	There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-3349-1, DSA-5324-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
linux (PTS)	buster	4.19.249-2	fixed
	buster (security)	4.19.304-1	fixed
	bullseye	5.10.209-2	fixed
	bullseye (security)	5.10.216-1	fixed
	bookworm	6.1.76-1	fixed
	bookworm (security)	6.1.90-1	fixed
	sid, trixie	6.7.12-1	fixed
linux-5.10 (PTS)	buster (security)	5.10.216-1~deb10u1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
linux	source	buster	(not affected)
linux	source	bullseye	5.10.162-1	DSA-5324-1
linux	source	(unstable)	5.14.6-1
linux-5.10	source	buster	5.10.162-1~deb10u1	DLA-3349-1

[buster] - linux <not-affected> (Vulnerable code not present)
https://kernel.dance/#75454b4bbfc7e6a4dd8338556f36ea9107ddf61a