CVE-2022-2585 Information

Description

It was discovered that when exec’ing from a non-leader thread armed POSIX CPU timers would be left on a list but freed leading to a use-after-free.

Reference

https://ubuntu.com/security/notices/USN-5566-1 https://ubuntu.com/security/notices/USN-5564-1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585 https://ubuntu.com/security/notices/USN-5567-1 https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u https://www.openwall.com/lists/oss-security/2022/08/09/7 https://ubuntu.com/security/notices/USN-5565-1