7.8

CVE-2022-48787

iwlwifi: fix use-after-free

In the Linux kernel, the following vulnerability has been resolved:

iwlwifi: fix use-after-free

If no firmware was present at all (or, presumably, all of the
firmware files failed to parse), we end up unbinding by calling
device_release_driver(), which calls remove(), which then in
iwlwifi calls iwl_drv_stop(), freeing the 'drv' struct. However
the new code I added will still erroneously access it after it
was freed.

Set 'failure=false' in this case to avoid the access, all data
was already freed anyway.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.14.263 < 4.14.268
LinuxLinux Kernel Version >= 4.19.226 < 4.19.231
LinuxLinux Kernel Version >= 5.4.174 < 5.4.181
LinuxLinux Kernel Version >= 5.10.94 < 5.10.102
LinuxLinux Kernel Version >= 5.15.17 < 5.15.25
LinuxLinux Kernel Version >= 5.16.3 < 5.16.11
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.151
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/008508c16af0087cda0394e1ac6f0493b01b6063
Patch
https://git.kernel.org/stable/c/494de920d98f125b099f27a2d274850750aff957
Patch
https://git.kernel.org/stable/c/7d6475179b85a83186ccce59cdc359d4f07d0bcb
Patch
https://git.kernel.org/stable/c/9958b9cbb22145295ee1ffaea0904c383da2c05d
Patch
https://git.kernel.org/stable/c/bea2662e7818e15d7607d17d57912ac984275d94
Patch
https://git.kernel.org/stable/c/d3b98fe36f8a06ce654049540773256ab59cb53d
Patch
https://git.kernel.org/stable/c/ddd46059f7d99119b62d44c519df7a79f2e6a515
Patch