TROYANOSYVIRUS
Back to CVEs

CVE-2022-48872

HIGH
7.0

Description

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free race condition for maps It is possible that in between calling fastrpc_map_get() until map->fl->lock is taken in fastrpc_free_map(), another thread can call fastrpc_map_lookup() and get a reference to a map that is about to be deleted. Rewrite fastrpc_map_get() to only increase the reference count of a map if it's non-zero. Propagate this to callers so they can know if a map is about to be deleted. Fixes this warning: refcount_t: addition on 0; use-after-free. WARNING: CPU: 5 PID: 10100 at lib/refcount.c:25 refcount_warn_saturate ... Call trace: refcount_warn_saturate [fastrpc_map_get inlined] [fastrpc_map_lookup inlined] fastrpc_map_create fastrpc_internal_invoke fastrpc_device_ioctl __arm64_sys_ioctl invoke_syscall

CVE Details

CVSS v3.1 Score7.0
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityHIGH
Privileges RequiredLOW
User InteractionNONE
Published8/21/2024
Last Modified9/6/2024
Sourcenvd
Honeypot Sightings0

Affected Products

linux:linux_kernel

Weaknesses (CWE)

CWE-416

References

https://git.kernel.org/stable/c/079c78c68714f7d8d58e66c477b0243b31806907(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/556dfdb226ce1e5231d8836159b23f8bb0395bf4(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/61a0890cb95afec5c8a2f4a879de2b6220984ef1(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/96b328d119eca7563c1edcc4e1039a62e6370ecb(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/b171d0d2cf1b8387c72c8d325c5d5746fa271e39(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.