CVE-2022-48873

misc: fastrpc: Don't remove map on creater_process and device_release

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: Don't remove map on creater_process and device_release

Do not remove the map from the list on error path in
fastrpc_init_create_process, instead call fastrpc_map_put, to avoid
use-after-free. Do not remove it on fastrpc_device_release either,
call fastrpc_map_put instead.

The fastrpc_free_map is the only proper place to remove the map.
This is called only after the reference count is 0.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-16 CVE Reserved
2024-08-21 CVE Published
2024-09-07 EPSS Updated
2024-09-12 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/b49f6d83e290f17e20f4e5cf31288d3bb4955ea6	Vuln. Introduced
https://git.kernel.org/stable/c/aaf5aa44934ad069cac805923c49f6968b9a0d49	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/4b5c44e924a571d0ad07054de549624fbc04e4d7	2023-01-24
https://git.kernel.org/stable/c/193cd853145b63e670bd73740250983af1475330	2023-01-24
https://git.kernel.org/stable/c/1b7b7bb400dd13dcb03fc6e591bb7ca4664bbec8	2023-01-24
https://git.kernel.org/stable/c/35ddd482345c43d9eec1f3406c0f20a95ed4054b	2023-01-24
https://git.kernel.org/stable/c/5bb96c8f9268e2fdb0e5321cbc358ee5941efc15	2023-01-20

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.2 < 5.4.230 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.2 < 5.4.230"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.2 < 5.10.165 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.2 < 5.10.165"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.2 < 5.15.90 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.2 < 5.15.90"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.2 < 6.1.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.2 < 6.1.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.2 < 6.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.2 < 6.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.1.6 Search vendor "Linux" for product "Linux Kernel" and version "5.1.6"		en		Affected