Vulnerabilities > CVE-2022-48861 - Use After Free vulnerability in Linux Kernel

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

linux

CWE-416

NVD

Published: 2024-07-16

Updated: 2024-07-23

Summary

In the Linux kernel, the following vulnerability has been resolved: vdpa: fix use-after-free on vp_vdpa_remove When vp_vdpa driver is unbind, vp_vdpa is freed in vdpa_unregister_device and then vp_vdpa->mdev.pci_dev is dereferenced in vp_modern_remove, triggering use-after-free. Call Trace of unbinding driver free vp_vdpa : do_syscall_64 vfs_write kernfs_fop_write_iter device_release_driver_internal pci_device_remove vp_vdpa_remove vdpa_unregister_device kobject_release device_release kfree Call Trace of dereference vp_vdpa->mdev.pci_dev: vp_modern_remove pci_release_selected_regions pci_release_region pci_resource_len pci_resource_end (dev)->resource[(bar)].end

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 5.16 Linux Linux Kernel 5.16.0 Linux Linux Kernel 5.16.1 Linux Linux Kernel 5.16.2 Linux Linux Kernel 5.16.3 Linux Linux Kernel 5.16.4 Linux Linux Kernel 5.16.5 Linux Linux Kernel 5.16.6 Linux Linux Kernel 5.16.7 Linux Linux Kernel 5.16.8 Linux Linux Kernel 5.16.9 Linux Linux Kernel 5.16.10 Linux Linux Kernel 5.16.11 Linux Linux Kernel 5.16.12 Linux Linux Kernel 5.16.13 Linux Linux Kernel 5.16.14 Linux Linux Kernel 5.13 Linux Linux Kernel 5.13.0-52 Linux Linux Kernel 5.13.1 Linux Linux Kernel 5.13.2 Linux Linux Kernel 5.13.3 Linux Linux Kernel 5.13.4 Linux Linux Kernel 5.13.5 Linux Linux Kernel 5.13.6 Linux Linux Kernel 5.13.7 Linux Linux Kernel 5.13.8 Linux Linux Kernel 5.13.9 Linux Linux Kernel 5.13.10 Linux Linux Kernel 5.13.11 Linux Linux Kernel 5.13.12 Linux Linux Kernel 5.13.13 Linux Linux Kernel 5.13.14 Linux Linux Kernel 5.13.15 Linux Linux Kernel 5.13.16 Linux Linux Kernel 5.13.17 Linux Linux Kernel 5.13.18 Linux Linux Kernel 5.13.19 Linux Linux Kernel 5.14 Linux Linux Kernel 5.14.1 Linux Linux Kernel 5.14.2 Linux Linux Kernel 5.14.3 Linux Linux Kernel 5.14.4 Linux Linux Kernel 5.14.5 Linux Linux Kernel 5.14.6 Linux Linux Kernel 5.14.7 Linux Linux Kernel 5.14.8 Linux Linux Kernel 5.14.9 Linux Linux Kernel 5.14.10 Linux Linux Kernel 5.14.11 Linux Linux Kernel 5.14.12 Linux Linux Kernel 5.14.13 Linux Linux Kernel 5.14.14 Linux Linux Kernel 5.14.15 Linux Linux Kernel 5.14.16 Linux Linux Kernel 5.14.17 Linux Linux Kernel 5.14.18 Linux Linux Kernel 5.14.19 Linux Linux Kernel 5.14.20 Linux Linux Kernel 5.14.21 Linux Linux Kernel 5.15 Linux Linux Kernel 5.15.0 Linux Linux Kernel 5.15.0-58 Linux Linux Kernel 5.15.1 Linux Linux Kernel 5.15.2 Linux Linux Kernel 5.15.3 Linux Linux Kernel 5.15.4 Linux Linux Kernel 5.15.5 Linux Linux Kernel 5.15.6 Linux Linux Kernel 5.15.7 Linux Linux Kernel 5.15.8 Linux Linux Kernel 5.15.9 Linux Linux Kernel 5.15.10 Linux Linux Kernel 5.15.11 Linux Linux Kernel 5.15.12 Linux Linux Kernel 5.15.13 Linux Linux Kernel 5.15.14 Linux Linux Kernel 5.15.15 Linux Linux Kernel 5.15.16 Linux Linux Kernel 5.15.17 Linux Linux Kernel 5.15.18 Linux Linux Kernel 5.15.19 Linux Linux Kernel 5.15.20 Linux Linux Kernel 5.15.21 Linux Linux Kernel 5.15.22 Linux Linux Kernel 5.15.23 Linux Linux Kernel 5.15.24 Linux Linux Kernel 5.15.25 Linux Linux Kernel 5.15.26 Linux Linux Kernel 5.15.27 Linux Linux Kernel 5.15.28	118

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References