7.8

CVE-2022-49426

iommu/arm-smmu-v3-sva: Fix mm use-after-free

In the Linux kernel, the following vulnerability has been resolved:

iommu/arm-smmu-v3-sva: Fix mm use-after-free

We currently call arm64_mm_context_put() without holding a reference to
the mm, which can result in use-after-free. Call mmgrab()/mmdrop() to
ensure the mm only gets freed after we unpinned the ASID.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.11 < 5.15.46
LinuxLinux Kernel Version >= 5.16 < 5.17.14
LinuxLinux Kernel Version >= 5.18 < 5.18.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.2
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/9aa215450888cf29af0c479e14a712dc6b0c506c
Patch
https://git.kernel.org/stable/c/cbd23144f7662b00bcde32a938c4a4057e476d68
Patch
https://git.kernel.org/stable/c/e3cbbdbff8a4db5d053c53fd71be62ccccdb52b0
Patch
https://git.kernel.org/stable/c/fc90f13ea0dcd960e5002d204fa55cec4e0db2fa
Patch