CVE-2022-48782

EPSS 0.04%
Published 16.07.2024 12:15:03
Last modified 21.11.2024 07:34:00
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

mctp: fix use after free

Clang static analysis reports this problem
route.c:425:4: warning: Use of memory after it is freed
  trace_mctp_key_acquire(key);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~
When mctp_key_add() fails, key is freed but then is later
used in trace_mctp_key_acquire().  Add an else statement
to use the key only when mctp_key_add() is successful.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.16 < 5.16.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.094

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/1dd3ecbec5f606b2a526c47925c8634b1a6bb81e

Patch

Mailing List

https://git.kernel.org/stable/c/7e5b6a5c8c44310784c88c1c198dde79f6402f7b

Patch

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2022-48782

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-48782

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-48782

EUVD