CVE-2022-48697

nvmet: fix a use-after-free

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a use-after-free Fix the following use-after-free complaint triggered by blktests nvme/004: BUG: KASAN: user-memory-access in blk_mq_complete_request_remote+0xac/0x350
Read of size 4 at addr 0000607bd1835943 by task kworker/13:1/460
Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop]
Call Trace: show_stack+0x52/0x58 dump_stack_lvl+0x49/0x5e print_report.cold+0x36/0x1e2 kasan_report+0xb9/0xf0 __asan_load4+0x6b/0x80 blk_mq_complete_request_remote+0xac/0x350 nvme_loop_queue_response+0x1df/0x275 [nvme_loop] __nvmet_req_complete+0x132/0x4f0 [nvmet] nvmet_req_complete+0x15/0x40 [nvmet] nvmet_execute_io_connect+0x18a/0x1f0 [nvmet] nvme_loop_execute_work+0x20/0x30 [nvme_loop] process_one_work+0x56e/0xa70 worker_thread+0x2d1/0x640 kthread+0x183/0x1c0 ret_from_fork+0x1f/0x30

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvmet: corrige un use-after-free. Solucione la siguiente queja de use-after-free activada por blktests nvme/004: ERROR: KASAN: acceso a la memoria del usuario en blk_mq_complete_request_remote+0xac /0x350 Lectura de tamaño 4 en la dirección 0000607bd1835943 por tarea kworker/13:1/460 Cola de trabajo: nvmet-wq nvme_loop_execute_work [nvme_loop] Seguimiento de llamadas: show_stack+0x52/0x58 dump_stack_lvl+0x49/0x5e /0x1e2 informe_kasan+0xb9 /0xf0 __asan_load4+0x6b/0x80 blk_mq_complete_request_remote+0xac/0x350 nvme_loop_queue_response+0x1df/0x275 [nvme_loop] __nvmet_req_complete+0x132/0x4f0 [nvmet_req_complete+0x15/0x 40 [nvmet] nvmet_execute_io_connect+0x18a/0x1f0 [nvmet] nvme_loop_execute_work+0x20/0x30 [ nvme_loop] proceso_one_work+0x56e/0xa70 trabajador_thread+0x2d1/0x640 kthread+0x183/0x1c0 ret_from_fork+0x1f/0x30

In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a use-after-free Fix the following use-after-free complaint triggered by blktests nvme/004: BUG: KASAN: user-memory-access in blk_mq_complete_request_remote+0xac/0x350 Read of size 4 at addr 0000607bd1835943 by task kworker/13:1/460 Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop] Call Trace: show_stack+0x52/0x58 dump_stack_lvl+0x49/0x5e print_report.cold+0x36/0x1e2 kasan_report+0xb9/0xf0 __asan_load4+0x6b/0x80 blk_mq_complete_request_remote+0xac/0x350 nvme_loop_queue_response+0x1df/0x275 [nvme_loop] __nvmet_req_complete+0x132/0x4f0 [nvmet] nvmet_req_complete+0x15/0x40 [nvmet] nvmet_execute_io_connect+0x18a/0x1f0 [nvmet] nvme_loop_execute_work+0x20/0x30 [nvme_loop] process_one_work+0x56e/0xa70 worker_thread+0x2d1/0x640 kthread+0x183/0x1c0 ret_from_fork+0x1f/0x30

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-03 CVE Reserved
2024-05-03 CVE Published
2024-12-19 CVE Updated
2025-03-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/a07b4970f464f13640e28e16dad6cfa33647cc99	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/17f121ca3ec6be0fb32d77c7f65362934a38cc8e	2022-09-28
https://git.kernel.org/stable/c/8d66989b5f7bb28bba2f8e1e2ffc8bfef4a10717	2022-09-15
https://git.kernel.org/stable/c/be01f1c988757b95f11f090a9f491365670a522b	2022-09-15
https://git.kernel.org/stable/c/ebf46da50beb78066674354ad650606a467e33fa	2022-09-15
https://git.kernel.org/stable/c/4484ce97a78171668c402e0c45db7f760aea8060	2022-09-15
https://git.kernel.org/stable/c/6a02a61e81c231cc5c680c5dbf8665275147ac52	2022-09-05

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 4.19.260 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 4.19.260"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.4.213 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.4.213"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.10.143 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.10.143"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.15.68 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.15.68"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.19.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.19.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 6.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 6.0"		en		Affected