High severity7.8NVD Advisory· Published Jan 11, 2023· Updated Jun 17, 2026
CVE-2022-4696
CVE-2022-4696
Description
There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <5.10.160
Patches
Vulnerability mechanics
References
3- git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/nvdMailing ListPatchVendor Advisory
- kernel.dancenvdExploitThird Party Advisory
- security.netapp.com/advisory/ntap-20230223-0003/nvd
News mentions
0No linked articles in our index yet.