CVE-2022-48872

Severity: HIGH · CVSS 3.1: 7.0 · EPSS 15.2%
Published Aug 21, 2024 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: Fix use-after-free race condition for maps

It is possible that in between calling fastrpc_map_get() until map->fl->lock is taken in fastrpc_free_map(), another thread can call fastrpc_map_lookup() and get a reference to a map that is about to be deleted.

Rewrite fastrpc_map_get() to only increase the reference count of a map if it's non-zero. Propagate this to callers so they can know if a map is about to be deleted.

Fixes this warning:

    refcount_t: addition on 0; use-after-free.
    WARNING: CPU: 5 PID: 10100 at lib/refcount.c:25 refcount_warn_saturate
    ...
    Call trace:
     refcount_warn_saturate
     [fastrpc_map_get inlined]
     [fastrpc_map_lookup inlined]
     fastrpc_map_create
     fastrpc_internal_invoke
     fastrpc_device_ioctl
     __arm64_sys_ioctl
     invoke_syscall
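
The fix pattern described above, as an added example that is not code from the kernel patch or from this page: a user-space C11 model in which `struct map`, the helper names and fd 7 are hypothetical. It replays the race window sequentially (last reference dropped, map still on the list) and compares an unconditional get with a get that only succeeds on a non-zero count, the semantics the kernel provides as kref_get_unless_zero().

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for a refcounted map; not the kernel's struct fastrpc_map. */
struct map { atomic_int refs; int fd; };

/* Pre-fix shape: unconditional increment revives a map whose count already hit 0. */
static bool map_get_unchecked(struct map *m)
{
    atomic_fetch_add(&m->refs, 1);
    return true;
}

/* Post-fix shape: take a reference only while the count is non-zero. */
static bool map_get_unless_zero(struct map *m)
{
    int old = atomic_load(&m->refs);
    while (old != 0)
        if (atomic_compare_exchange_weak(&m->refs, &old, old + 1))
            return true;   /* old -> old + 1 happened atomically */
    return false;          /* map is being torn down; caller must not use it */
}

/* Lookup by fd; a failed get is propagated to the caller as NULL. */
static struct map *map_lookup(struct map *list, size_t n, int fd,
                              bool (*get)(struct map *))
{
    for (size_t i = 0; i < n; i++)
        if (list[i].fd == fd)
            return get(&list[i]) ? &list[i] : NULL;
    return NULL;
}

/* Replays the window: the last put has run, the map is not yet unlinked. */
static bool lookup_in_race_window(bool (*get)(struct map *))
{
    struct map list[1];
    atomic_init(&list[0].refs, 1);
    list[0].fd = 7;                                       /* constructed sample fd */
    bool last = atomic_fetch_sub(&list[0].refs, 1) == 1;  /* thread A: 1 -> 0 */
    return last && map_lookup(list, 1, 7, get) != NULL;   /* thread B: lookup */
}

int main(void)
{
    printf("dying map handed out: unchecked=%d unless_zero=%d\n",
           lookup_in_race_window(map_get_unchecked),
           lookup_in_race_window(map_get_unless_zero));
    return 0;
}
```

With the unchecked get, the lookup returns a pointer to a map whose teardown has already been committed, which is the "addition on 0" condition in the warning above; with the checked get, the lookup fails and the caller can treat the map as gone.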

CVSS Details

Base Score: 7.0
Exploitability: 1.0
Impact: 5.9
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 15.2% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 8

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥5.1 – <5.4.230
linux   linux_kernel  *        ≥5.5 – <5.10.165
linux   linux_kernel  *        ≥5.11 – <5.15.90
linux   linux_kernel  *        ≥5.16 – <6.2
linux   linux_kernel  6.2      any
linux   linux_kernel  6.2      any
linux   linux_kernel  6.2      any
linux   linux_kernel  6.2      any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/079c78c68714f7d8d58e66c477b0243b31806907
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/556dfdb226ce1e5231d8836159b23f8bb0395bf4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/61a0890cb95afec5c8a2f4a879de2b6220984ef1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/96b328d119eca7563c1edcc4e1039a62e6370ecb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b171d0d2cf1b8387c72c8d325c5d5746fa271e39
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/079c78c68714f7d8d58e66c477b0243b31806907
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/556dfdb226ce1e5231d8836159b23f8bb0395bf4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/61a0890cb95afec5c8a2f4a879de2b6220984ef1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/96b328d119eca7563c1edcc4e1039a62e6370ecb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b171d0d2cf1b8387c72c8d325c5d5746fa271e39
    Patch