CVE-2022-48787

July 16, 2024, 1:43 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: iwlwifi: fix use-after-free If no firmware was present at all (or, presumably, all of the firmware files failed to parse), we end up unbinding by calling device_release_driver(), which calls remove(), which then in iwlwifi calls iwl_drv_stop(), freeing the 'drv' struct. However the new code I added will still erroneously access it after it was freed. Set 'failure=false' in this case to avoid the access, all data was already freed anyway.

Product(s) Impacted

Product Versions
Linux Kernel
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/008508c16af0087cda0394e1ac6f0493b01b6063
https://git.kernel.org/stable/c/494de920d98f125b099f27a2d274850750aff957
https://git.kernel.org/stable/c/7d6475179b85a83186ccce59cdc359d4f07d0bcb
https://git.kernel.org/stable/c/9958b9cbb22145295ee1ffaea0904c383da2c05d
https://git.kernel.org/stable/c/bea2662e7818e15d7607d17d57912ac984275d94
https://git.kernel.org/stable/c/d3b98fe36f8a06ce654049540773256ab59cb53d
https://git.kernel.org/stable/c/ddd46059f7d99119b62d44c519df7a79f2e6a515

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-07-16
CVE-2022-48787

Timeline

Published: July 16, 2024, 12:15 p.m.
Last Modified: July 16, 2024, 1:43 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.