7.8
CVE-2022-48821
- EPSS 0.27%
- Veröffentlicht 16.07.2024 12:15:06
- Zuletzt bearbeitet 25.09.2025 19:36:51
- CVE-Watchlists
- Unerledigt
misc: fastrpc: avoid double fput() on failed usercopy
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: avoid double fput() on failed usercopy If the copy back to userland fails for the FASTRPC_IOCTL_ALLOC_DMA_BUFF ioctl(), we shouldn't assume that 'buf->dmabuf' is still valid. In fact, dma_buf_fd() called fd_install() before, i.e. "consumed" one reference, leaving us with none. Calling dma_buf_put() will therefore put a reference we no longer own, leading to a valid file descritor table entry for an already released 'file' object which is a straight use-after-free. Simply avoid calling dma_buf_put() and rely on the process exit code to do the necessary cleanup, if needed, i.e. if the file descriptor is still valid.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.1 < 5.4.180
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.101
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.24
Linux ≫ Linux Kernel Version >= 5.16 < 5.16.10
Linux ≫ Linux Kernel Version5.17 Updaterc1
Linux ≫ Linux Kernel Version5.17 Updaterc2
Linux ≫ Linux Kernel Version5.17 Updaterc3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.185 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/46963e2e0629cb31c96b1d47ddd89dc3d8990b34
https://git.kernel.org/stable/c/4e6fd2b5fcf8e7119305a6042bd92e7f2b9ed215
https://git.kernel.org/stable/c/76f85c307ef9f10aa2cef1b1d5ee654c1f3345fc
https://git.kernel.org/stable/c/a5ce7ee5fcc07583159f54ab4af5164de00148f5
https://git.kernel.org/stable/c/e4382d0a39f9a1e260d62fdc079ddae5293c037d