CVE-2022-50095

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
18/06/2025
Last modified:
18/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

posix-cpu-timers: Cleanup CPU timers before freeing them during exec

Commit 55e8c8eb2c7b ("posix-cpu-timers: Store a reference to a pid not a task") started looking up tasks by PID when deleting a CPU timer.

When a non-leader thread calls execve, it will switch PIDs with the leader process. Then, as it calls exit_itimers, posix_cpu_timer_del cannot find the task because the timer still points out to the old PID.

That means that armed timers won't be disarmed, that is, they won't be removed from the timerqueue_list. exit_itimers will still release their memory, and when that list is later processed, it leads to a use-after-free.

Clean up the timers from the de-threaded task before freeing them. This prevents a reported use-after-free.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.7 (including) 5.10.137 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.61 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 5.18.18 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.19 (including) 5.19.2 (excluding)
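
The version ranges above can be checked against a host's kernel release string. The following is an added example, not part of the original advisory; the function names are hypothetical and the sample release strings in the tests are constructed. It compares only the upstream version number, and distribution kernels often backport fixes without changing that number, so a match means the vendor's advisory should be checked, not that the host is confirmed vulnerable.

```python
import platform
import re
import sys

# Affected upstream ranges copied from the table above:
# (from, inclusive) .. (up to, exclusive).
AFFECTED_RANGES = [
    ((5, 7, 0), (5, 10, 137)),
    ((5, 11, 0), (5, 15, 61)),
    ((5, 16, 0), (5, 18, 18)),
    ((5, 19, 0), (5, 19, 2)),
]

# Numeric prefix of a `uname -r` style string, e.g. "5.15.60-generic".
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(release):
    """Return (major, minor, patch) from a kernel release string.

    A missing patch level ("5.7") is treated as 0. Vendor suffixes such as
    "-generic" or ".el9.x86_64" are ignored.
    """
    match = _RELEASE_RE.match(release.strip())
    if not match:
        raise ValueError("unrecognised kernel release: %r" % release)
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def in_affected_range(release):
    """True if the upstream version falls in any range listed for CVE-2022-50095."""
    version = parse_release(release)
    return any(low <= version < high for low, high in AFFECTED_RANGES)


if __name__ == "__main__":
    # Check the release given on the command line, or the running kernel.
    rel = sys.argv[1] if len(sys.argv) > 1 else platform.release()
    if in_affected_range(rel):
        print("%s: upstream version is in an affected range; check vendor advisory" % rel)
    else:
        print("%s: upstream version is outside the affected ranges" % rel)
```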