CVE-2022-2602: 
Linux Kernel vulnerability analysis and mitigation

A race condition vulnerability (CVE-2022-2602) was discovered in the io_uring subsystem of the Linux kernel, involving Unix SCM garbage collection. The vulnerability was identified by David Bouman and Billy Jheng Bing Jhong and affects Linux kernel versions up to 6.0.19. This use-after-free vulnerability impacts various Linux distributions including Ubuntu 18.04 LTS, 20.04 LTS, and 22.04 LTS (Ubuntu Security).

The vulnerability is classified as a use-after-free (CWE-416) issue that occurs due to a race condition between an io_uring request and the Unix socket garbage collector. The CVSS v3.1 base score is 7.0 HIGH according to NVD assessment (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H), while Canonical Ltd. assessed it with a score of 5.3 MEDIUM (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H) (NVD Database).

The vulnerability can be exploited by a local attacker to cause a denial of service (system crash) or potentially execute arbitrary code on the affected system (Ubuntu Security, Ubuntu Security).

The vulnerability has been fixed in multiple Linux distributions. Ubuntu has released security updates for affected versions: Ubuntu 20.04 LTS (linux-image-5.4.0-131-generic - 5.4.0-131.147), Ubuntu 22.04 LTS (linux-image-5.15.0-52-generic - 5.15.0-52.58), and Ubuntu 18.04 ESM. Users are advised to update their systems with the latest security patches (Ubuntu Security, Ubuntu Security).