CVE-2022-48872

Sept. 6, 2024, 2:30 p.m.

7.0
Medium

Description

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free race condition for maps It is possible that in between calling fastrpc_map_get() until map->fl->lock is taken in fastrpc_free_map(), another thread can call fastrpc_map_lookup() and get a reference to a map that is about to be deleted. Rewrite fastrpc_map_get() to only increase the reference count of a map if it's non-zero. Propagate this to callers so they can know if a map is about to be deleted. Fixes this warning: refcount_t: addition on 0; use-after-free. WARNING: CPU: 5 PID: 10100 at lib/refcount.c:25 refcount_warn_saturate ... Call trace: refcount_warn_saturate [fastrpc_map_get inlined] [fastrpc_map_lookup inlined] fastrpc_map_create fastrpc_internal_invoke fastrpc_device_ioctl __arm64_sys_ioctl invoke_syscall

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *, 6.2

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-416
Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 6.2 rc1 / / / / / /
o linux linux_kernel 6.2 rc2 / / / / / /
o linux linux_kernel 6.2 rc3 / / / / / /
o linux linux_kernel 6.2 rc4 / / / / / /

References

https://git.kernel.org/stable/c/079c78c68714f7d8d58e66c477b0243b31806907
https://git.kernel.org/stable/c/556dfdb226ce1e5231d8836159b23f8bb0395bf4
https://git.kernel.org/stable/c/61a0890cb95afec5c8a2f4a879de2b6220984ef1
https://git.kernel.org/stable/c/96b328d119eca7563c1edcc4e1039a62e6370ecb
https://git.kernel.org/stable/c/b171d0d2cf1b8387c72c8d325c5d5746fa271e39

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-416
2024-08-21
CVE-2022-48872

CVSS Score

7.0 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: HIGH
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Aug. 21, 2024, 7:15 a.m.
Last Modified: Sept. 6, 2024, 2:30 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.