CVE-2022-48742

June 20, 2024, 12:43 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() While looking at one unrelated syzbot bug, I found the replay logic in __rtnl_newlink() to potentially trigger use-after-free. It is better to clear master_dev and m_ops inside the loop, in case we have to replay it.

Product(s) Impacted

Product Versions
Linux kernel

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/2cf180360d66bd657e606c1217e0e668e6faa303
https://git.kernel.org/stable/c/36a9a0aee881940476b254e0352581401b23f210
https://git.kernel.org/stable/c/3bbe2019dd12b8d13671ee6cda055d49637b4c39
https://git.kernel.org/stable/c/7d9211678c0f0624f74cdff36117ab8316697bb8
https://git.kernel.org/stable/c/a01e60a1ec6bef9be471fb7182a33c6d6f124e93
https://git.kernel.org/stable/c/bd43771ee9759dd9dfae946bff190e2c5a120de5
https://git.kernel.org/stable/c/c6f6f2444bdbe0079e41914a35081530d0409963
https://git.kernel.org/stable/c/def5e7070079b2a214b3b1a2fbec623e6fbfe34a

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-06-20
CVE-2022-48742

Timeline

Published: June 20, 2024, 12:15 p.m.
Last Modified: June 20, 2024, 12:43 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.