CVE-2022-48899

MEDIUM EPSS 14.1%
Published Aug 21, 20241y ago · Modified Jun 17, 20261w ago
4.7 CVSS 3.1
Medium
Find Similar
Published Aug 21, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix GEM handle creation UAF Userspace can guess the handle value and try to race GEM object creation with handle close, resulting in a use-after-free if we dereference the object after dropping the handle's reference. For that reason, dropping the handle's reference must be done *after* we are done dereferencing the object.

CVSS Details

Base Score
4.7
Exploitability
1.0
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel*≥4.4  –  <4.19.270
linuxlinux_kernel*≥4.20  –  <5.4.229
linuxlinux_kernel*≥5.5  –  <5.10.164
linuxlinux_kernel*≥5.11  –  <5.15.89
linuxlinux_kernel*≥5.16  –  <6.1.7
linuxlinux_kernel6.2any
linuxlinux_kernel6.2any
linuxlinux_kernel6.2any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/011ecdbcd520c90c344b872ca6b4821f7783b2f8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/19ec87d06acfab2313ee82b2a689bf0c154e57ea
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/52531258318ed59a2dc5a43df2eaf0eb1d65438e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/68bcd063857075d2f9edfed6024387ac377923e2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/adc48e5e408afbb01d261bd303fd9fbbbaa3e317
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d01d6d2b06c0d8390adf8f3ba08aa60b5642ef73
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/011ecdbcd520c90c344b872ca6b4821f7783b2f8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/19ec87d06acfab2313ee82b2a689bf0c154e57ea
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/52531258318ed59a2dc5a43df2eaf0eb1d65438e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/68bcd063857075d2f9edfed6024387ac377923e2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/adc48e5e408afbb01d261bd303fd9fbbbaa3e317
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d01d6d2b06c0d8390adf8f3ba08aa60b5642ef73
    Patch