CVE-2022-48821

EPSS 0.05%
Published 16.07.2024 12:15:06
Last modified 25.09.2025 19:36:51
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: avoid double fput() on failed usercopy

If the copy back to userland fails for the FASTRPC_IOCTL_ALLOC_DMA_BUFF
ioctl(), we shouldn't assume that 'buf->dmabuf' is still valid. In fact,
dma_buf_fd() called fd_install() before, i.e. "consumed" one reference,
leaving us with none.

Calling dma_buf_put() will therefore put a reference we no longer own,
leading to a valid file descritor table entry for an already released
'file' object which is a straight use-after-free.

Simply avoid calling dma_buf_put() and rely on the process exit code to
do the necessary cleanup, if needed, i.e. if the file descriptor is
still valid.

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.1 < 5.4.180

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.101

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.24

Linux ≫ Linux Kernel Version >= 5.16 < 5.16.10

Linux ≫ Linux Kernel Version5.17 Updaterc1

Linux ≫ Linux Kernel Version5.17 Updaterc2

Linux ≫ Linux Kernel Version5.17 Updaterc3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.141

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/46963e2e0629cb31c96b1d47ddd89dc3d8990b34

Patch

https://git.kernel.org/stable/c/4e6fd2b5fcf8e7119305a6042bd92e7f2b9ed215

Patch

https://git.kernel.org/stable/c/76f85c307ef9f10aa2cef1b1d5ee654c1f3345fc

Patch

https://git.kernel.org/stable/c/a5ce7ee5fcc07583159f54ab4af5164de00148f5

Patch

https://git.kernel.org/stable/c/e4382d0a39f9a1e260d62fdc079ddae5293c037d

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-48821

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-48821

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-48821

EUVD