CVE-2022-49056

NameCVE-2022-49056
DescriptionIn the Linux kernel, the following vulnerability has been resolved: io_uring: abort file assignment prior to assigning creds We need to either restore creds properly if we fail on the file assignment, or just do the file assignment first instead. Let's do the latter as it's simpler, should make no difference here for file assignment.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)bullseye5.10.223-1fixed
bullseye (security)5.10.234-1fixed
bookworm6.1.129-1fixed
bookworm (security)6.1.128-1fixed
trixie6.12.20-1fixed
sid6.12.21-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcebullseye(not affected)
linuxsource(unstable)5.17.6-1

Notes

[bullseye] - linux <not-affected> (Vulnerable code not present)
https://git.kernel.org/linus/701521403cfb228536b3947035c8a6eca40d8e58 (5.18-rc3)
Search for package or bug name: Reporting problems