CVE-2022-48854
net: arc_emac: Fix use after free in arc_mdio_probe()
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
net: arc_emac: Fix use after free in arc_mdio_probe()
If bus->state is equal to MDIOBUS_ALLOCATED, mdiobus_free(bus) will free
the "bus". But bus->name is still used in the next line, which will lead
to a use after free.
We can fix it by putting the name in a local variable and make the
bus->name point to the rodata section "name",then use the name in the
error message without referring to bus to avoid the uaf.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: arc_emac: corrige el use after free en arc_mdio_probe() Si bus->state es igual a MDIOBUS_ALLOCATED, mdiobus_free(bus) liberará el "bus". Pero bus->name todavía se usa en la siguiente línea, lo que conducirá a un uso posterior a free. Podemos solucionarlo poniendo el nombre en una variable local y haciendo que bus->nombre apunte a la sección "nombre" de rodata, luego use el nombre en el mensaje de error sin hacer referencia al bus para evitar el uaf.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-07-16 CVE Reserved
- 2024-07-16 CVE Published
- 2024-07-17 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/95b5fc03c189e4ea5c63785274cc0b77fcc3a818 | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://git.kernel.org/stable/c/84c831803785c2c3bec5c28c0e8a0b72f6b41d4d | 2022-03-16 | |
https://git.kernel.org/stable/c/bc0e610a6eb0d46e4123fafdbe5e6141d9fff3be | 2022-03-10 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.16 < 5.16.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 5.16.15" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.16 < 5.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 5.17" | en |
Affected
|