7.8

CVE-2022-49811

drbd: use after free in drbd_create_device()

In the Linux kernel, the following vulnerability has been resolved:

drbd: use after free in drbd_create_device()

The drbd_destroy_connection() frees the "connection" so use the _safe()
iterator to prevent a use after free.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.15 < 4.14.300
LinuxLinux Kernel Version >= 4.15 < 4.19.267
LinuxLinux Kernel Version >= 4.20 < 5.4.225
LinuxLinux Kernel Version >= 5.5 < 5.10.156
LinuxLinux Kernel Version >= 5.11 < 5.15.80
LinuxLinux Kernel Version >= 5.16 < 6.0.10
LinuxLinux Kernel Version6.1 Updaterc1
LinuxLinux Kernel Version6.1 Updaterc2
LinuxLinux Kernel Version6.1 Updaterc3
LinuxLinux Kernel Version6.1 Updaterc4
LinuxLinux Kernel Version6.1 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.094
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/fc1897f16ebcfd22364f2afcc27f53a740f3bc7a
Patch
https://git.kernel.org/stable/c/bf47ca1b35fc1f55091ffaff5fbe41ea0c6f59a1
Patch
https://git.kernel.org/stable/c/813a8dd9c45fd46f5cbbfbedf0791afa7740ccf5
Patch
https://git.kernel.org/stable/c/9ed51414aef6e59e832e2960f10766dce2d5b1a1
Patch
https://git.kernel.org/stable/c/7d93417d596402ddd46bd76c721f205d09d0d025
Patch
https://git.kernel.org/stable/c/c2a00b149836d60c222930bbea6b2139caf34d4f
Patch
https://git.kernel.org/stable/c/a7a1598189228b5007369a9622ccdf587be0730f
Patch