5.5
CVE-2022-48911
- EPSS 0.01%
- Published 22.08.2024 02:15:05
- Last modified 12.09.2024 13:24:58
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Open
LoginIn the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: fix possible use-after-free Eric Dumazet says: The sock_hold() side seems suspect, because there is no guarantee that sk_refcnt is not already 0. On failure, we cannot queue the packet and need to indicate an error. The packet will be dropped by the caller. v2: split skb prefetch hunk into separate change
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.29 < 4.9.305
Linux ≫ Linux Kernel Version >= 4.10 < 4.14.270
Linux ≫ Linux Kernel Version >= 4.15 < 4.19.233
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.183
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.104
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.27
Linux ≫ Linux Kernel Version >= 5.16 < 5.16.13
Linux ≫ Linux Kernel Version5.17 Updaterc1
Linux ≫ Linux Kernel Version5.17 Updaterc2
Linux ≫ Linux Kernel Version5.17 Updaterc3
Linux ≫ Linux Kernel Version5.17 Updaterc4
Linux ≫ Linux Kernel Version5.17 Updaterc5
Linux ≫ Linux Kernel Version5.17 Updaterc6
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.013 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.