In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: Fix use-after-free race condition for maps
It is possible that in between calling fastrpc_map_get() until
map->fl->lock is taken in fastrpc_free_map(), another thread can call
fastrpc_map_lookup() and get a reference to a map that is about to be
deleted.
Rewrite fastrpc_map_get() to only increase the reference count of a map
if it's non-zero. Propagate this to callers so they can know if a map is
about to be deleted.
Fixes this warning:
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 5 PID: 10100 at lib/refcount.c:25 refcount_warn_saturate
...
Call trace:
refcount_warn_saturate
[fastrpc_map_get inlined]
[fastrpc_map_lookup inlined]
fastrpc_map_create
fastrpc_internal_invoke
fastrpc_device_ioctl
__arm64_sys_ioctl
invoke_syscall
References
Configurations
Configuration 1 (hide)
|
History
06 Sep 2024, 14:30
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.0 |
CWE | CWE-416 | |
First Time |
Linux linux Kernel
Linux |
|
Summary |
|
|
CPE | cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:* |
|
References | () https://git.kernel.org/stable/c/079c78c68714f7d8d58e66c477b0243b31806907 - Patch | |
References | () https://git.kernel.org/stable/c/556dfdb226ce1e5231d8836159b23f8bb0395bf4 - Patch | |
References | () https://git.kernel.org/stable/c/61a0890cb95afec5c8a2f4a879de2b6220984ef1 - Patch | |
References | () https://git.kernel.org/stable/c/96b328d119eca7563c1edcc4e1039a62e6370ecb - Patch | |
References | () https://git.kernel.org/stable/c/b171d0d2cf1b8387c72c8d325c5d5746fa271e39 - Patch |
21 Aug 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-21 07:15
Updated : 2024-09-06 14:30
NVD link : CVE-2022-48872
Mitre link : CVE-2022-48872
CVE.ORG link : CVE-2022-48872
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-416
Use After Free