FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- AIO credential reference count leak

Affected packages
13.0 <= FreeBSD-kernel < 13.0_12
12.3 <= FreeBSD-kernel < 12.3_6


VuXML ID 5ddbe47b-1891-11ed-9b22-002590c1f29c
Discovery 2022-08-09
Entry 2022-08-10
Modified 2022-08-10

Problem Description:

The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case.


An attacker may cause the reference count to overflow, leading to a use after free (UAF).


CVE Name CVE-2022-23090
FreeBSD Advisory SA-22:10.aio