7.8

CVE-2022-48695

scsi: mpt3sas: Fix use-after-free warning

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpt3sas: Fix use-after-free warning

Fix the following use-after-free warning which is observed during
controller reset:

refcount_t: underflow; use-after-free.
WARNING: CPU: 23 PID: 5399 at lib/refcount.c:28 refcount_warn_saturate+0xa6/0xf0
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.9.328
LinuxLinux Kernel Version >= 4.10 < 4.14.293
LinuxLinux Kernel Version >= 4.15 < 4.19.258
LinuxLinux Kernel Version >= 4.20 < 5.4.213
LinuxLinux Kernel Version >= 5.5 < 5.10.143
LinuxLinux Kernel Version >= 5.11 < 5.15.168
LinuxLinux Kernel Version >= 5.16 < 5.19.9
LinuxLinux Kernel Version6.0 Updaterc1
LinuxLinux Kernel Version6.0 Updaterc2
LinuxLinux Kernel Version6.0 Updaterc3
LinuxLinux Kernel Version6.0 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.149
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/41acb064c4e013808bc7d5fc1b506fa449425b0b
Patch
https://git.kernel.org/stable/c/5682c94644fde72f72bded6580c38189ffc856b5
Patch
https://git.kernel.org/stable/c/6229fa494a5949be209bc73afbc5d0a749c2e3c7
Patch
https://git.kernel.org/stable/c/82efb917eeb27454dc4c6fe26432fc8f6c75bc16
Patch
https://git.kernel.org/stable/c/991df3dd5144f2e6b1c38b8d20ed3d4d21e20b34
Patch
https://git.kernel.org/stable/c/b8fc9e91b931215110ba824d1a2983c5f60b6f82
Patch
https://git.kernel.org/stable/c/d4959d09b76eb7a4146f5133962b88d3bddb63d6
Patch
https://git.kernel.org/stable/c/ea10a652ad2ae2cf3eced6f632a5c98f26727057
Patch