7.8
CVE-2022-49385
- EPSS 0.29%
- Veröffentlicht 26.02.2025 07:01:15
- Zuletzt bearbeitet 25.03.2025 14:58:25
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
driver: base: fix UAF when driver_attach failed
In the Linux kernel, the following vulnerability has been resolved: driver: base: fix UAF when driver_attach failed When driver_attach(drv); failed, the driver_private will be freed. But it has been added to the bus, which caused a UAF. To fix it, we need to delete it from the bus when failed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.9 < 5.4.198
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.122
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.47
Linux ≫ Linux Kernel Version >= 5.16 < 5.17.15
Linux ≫ Linux Kernel Version >= 5.18 < 5.18.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.207 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/310862e574001a97ad02272bac0fd13f75f42a27
https://git.kernel.org/stable/c/5389101257828d1913d713d9a40acbe14f5961df
https://git.kernel.org/stable/c/5d709f58c743166fe1c6914b9de0ae8868600d9b
https://git.kernel.org/stable/c/823f24f2e329babd0330200d0b74882516fe57f4
https://git.kernel.org/stable/c/c059665c84feab46b7173d3a1bf36c2fb7f9df86
https://git.kernel.org/stable/c/cdf1a683a01583bca4b618dd16223cbd6e462e21