1987 2022-08-25 15:18:51 +0000 [Anolis OS 8] Bugfix for CVE-2022-2959 2022-08-25 19:11:38 +0000 1 1 2 Anolis OS Anolis OS 8 BaseOS Packages 8.6 All Linux RESOLVED DUPLICATE 1953 CVE P3-Medium S3-normal --- 1 yongchao jacob.wang chenyuao.cya qingming.su --- oldest_to_newest 6832 0 yongchao 2022-08-25 15:18:51 +0000 A race condition was found in the Linux kernel's watch queue due to a missing lock in the pipe_resize_ring(). The race condition occurs when a thread uses ioctl(IOC_WATCH_QUEUE_SET_SIZE) to resize the pipe buffer and free the old pipe buffer, while another thread uses keyctl() to trigger a notification in the watch queue, calling post_one_notification() and accessing the freed pipe buffer. This flaw allows a local user to crash the system or escalate their privileges on the system. 6884 1 chenyuao.cya 2022-08-25 19:11:38 +0000 duplicate bugzilla(1953) *** This bug has been marked as a duplicate of bug 1953 ***