FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- AIO credential reference count leak

Affected packages
13.0	<=	FreeBSD-kernel	<	13.0_12
12.3	<=	FreeBSD-kernel	<	12.3_6

Details

VuXML ID	5ddbe47b-1891-11ed-9b22-002590c1f29c
Discovery	2022-08-09
Entry	2022-08-10
Modified	2022-08-10

Problem Description:

The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case.

Impact:

An attacker may cause the reference count to overflow, leading to a use after free (UAF).

References

CVE Name	CVE-2022-23090
FreeBSD Advisory	SA-22:10.aio

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.