An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.
References
Link | Resource |
---|---|
https://github.com/torvalds/linux/commit/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html | Mailing List Third Party Advisory |
https://www.debian.org/security/2022/dsa-5257 | Third Party Advisory |
Configurations
History
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-362 |
21 Nov 2022, 19:44
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html - Mailing List, Third Party Advisory |
01 Nov 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5257 - Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
19 Oct 2022, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
13 Sep 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/torvalds/linux/commit/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95 - Patch, Third Party Advisory | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
CWE | CWE-416 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.7 |
09 Sep 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-09 05:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-40307
Mitre link : CVE-2022-40307
CVE.ORG link : CVE-2022-40307
JSON object : View
Products Affected
debian
- debian_linux
linux
- linux_kernel
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')