CVE-2022-48872

EPSS 0.02%
Published 21.08.2024 07:15:04
Last modified 06.09.2024 14:30:06
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: Fix use-after-free race condition for maps

It is possible that in between calling fastrpc_map_get() until
map->fl->lock is taken in fastrpc_free_map(), another thread can call
fastrpc_map_lookup() and get a reference to a map that is about to be
deleted.

Rewrite fastrpc_map_get() to only increase the reference count of a map
if it's non-zero. Propagate this to callers so they can know if a map is
about to be deleted.

Fixes this warning:
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 5 PID: 10100 at lib/refcount.c:25 refcount_warn_saturate
...
Call trace:
 refcount_warn_saturate
 [fastrpc_map_get inlined]
 [fastrpc_map_lookup inlined]
 fastrpc_map_create
 fastrpc_internal_invoke
 fastrpc_device_ioctl
 __arm64_sys_ioctl
 invoke_syscall

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.1 < 5.4.230

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.165

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.90

Linux ≫ Linux Kernel Version >= 5.16 < 6.2

Linux ≫ Linux Kernel Version6.2 Updaterc1

Linux ≫ Linux Kernel Version6.2 Updaterc2

Linux ≫ Linux Kernel Version6.2 Updaterc3

Linux ≫ Linux Kernel Version6.2 Updaterc4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.03

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/079c78c68714f7d8d58e66c477b0243b31806907

Patch

https://git.kernel.org/stable/c/556dfdb226ce1e5231d8836159b23f8bb0395bf4

Patch

https://git.kernel.org/stable/c/61a0890cb95afec5c8a2f4a879de2b6220984ef1

Patch

https://git.kernel.org/stable/c/96b328d119eca7563c1edcc4e1039a62e6370ecb

Patch

https://git.kernel.org/stable/c/b171d0d2cf1b8387c72c8d325c5d5746fa271e39

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-48872

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-48872

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-48872

EUVD