Vulnerabilities > CVE-2022-1280 - Use After Free vulnerability in multiple products

CVSS 6.3 - MEDIUM

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

local

high complexity

linux

redhat

CWE-416

NVD

Published: 2022-04-13

Updated: 2022-04-20

Summary

A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 5.17 Linux Linux Kernel 5.17.1 Linux Linux Kernel 5.17.2 Linux Linux Kernel 5.17.3 Linux Linux Kernel 5.17.4	13
OS	Redhat Redhat Enterprise Linux 8.0	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://bugzilla.redhat.com/show_bug.cgi?id=2071022
https://www.openwall.com/lists/oss-security/2022/04/12/3