Use-after-free vulnerability in POSIX CPU timers when exec'ing from a non-leader thread

Use-after-free vulnerability in POSIX CPU timers when exec'ing from a non-leader thread

CVE-2022-2585 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.

Learn more about our Web Application Penetration Testing UK.