- CVE-2022-50697
- EPSS 0.06%
- Published 24.12.2025 10:55:13
- Last modified 15.04.2026 00:35:42
- Source 416baaa9-dc9f-4396-8d5f-8c081f
mrp: introduce active flags to prevent UAF when applicant uninit
In the Linux kernel, the following vulnerability has been resolved:

mrp: introduce active flags to prevent UAF when applicant uninit

The caller of del_timer_sync must prevent restarting of the timer. If we do not have this synchronization, there is a small probability that the cancellation will not be successful.

And syzbot reports the following crash:

```
==================================================================
BUG: KASAN: use-after-free in hlist_add_head include/linux/list.h:929 [inline]
BUG: KASAN: use-after-free in enqueue_timer+0x18/0xa4 kernel/time/timer.c:605
Write at addr f9ff000024df6058 by task syz-fuzzer/2256
Pointer tag: [f9], memory tag: [fe]

CPU: 1 PID: 2256 Comm: syz-fuzzer Not tainted 6.1.0-rc5-syzkaller-00008-ge01d50cbd6ee #0
Hardware name: linux,dummy-virt (DT)
Call trace:
 dump_backtrace.part.0+0xe0/0xf0 arch/arm64/kernel/stacktrace.c:156
 dump_backtrace arch/arm64/kernel/stacktrace.c:162 [inline]
 show_stack+0x18/0x40 arch/arm64/kernel/stacktrace.c:163
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x68/0x84 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:284 [inline]
 print_report+0x1a8/0x4a0 mm/kasan/report.c:395
 kasan_report+0x94/0xb4 mm/kasan/report.c:495
 __do_kernel_fault+0x164/0x1e0 arch/arm64/mm/fault.c:320
 do_bad_area arch/arm64/mm/fault.c:473 [inline]
 do_tag_check_fault+0x78/0x8c arch/arm64/mm/fault.c:749
 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:825
 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:367
 el1h_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:427
 el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:576
 hlist_add_head include/linux/list.h:929 [inline]
 enqueue_timer+0x18/0xa4 kernel/time/timer.c:605
 mod_timer+0x14/0x20 kernel/time/timer.c:1161
 mrp_periodic_timer_arm net/802/mrp.c:614 [inline]
 mrp_periodic_timer+0xa0/0xc0 net/802/mrp.c:627
 call_timer_fn.constprop.0+0x24/0x80 kernel/time/timer.c:1474
 expire_timers+0x98/0xc4 kernel/time/timer.c:1519
```

To fix it, we can introduce a new active flag to make sure the timer will not restart.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux ≫ Product: Linux

Default status: affected

| Version | Up to | Status |
|---|---|---|
| 3.9 | | affected |
| 0 | < 3.9 | unaffected |
| 4.9.337 | <= 4.9.* | unaffected |
| 4.14.303 | <= 4.14.* | unaffected |
| 4.19.270 | <= 4.19.* | unaffected |
| 5.4.229 | <= 5.4.* | unaffected |
| 5.10.163 | <= 5.10.* | unaffected |
| 5.15.86 | <= 5.15.* | unaffected |
| 6.0.16 | <= 6.0.* | unaffected |
| 6.1.2 | <= 6.1.* | unaffected |
| 6.2 | <= * | unaffected |

VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.196 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|