CVE-2022-48872

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free race condition for maps It is possible that in between calling fastrpc_map_get() until map->fl->lock is taken in fastrpc_free_map(), another thread can call fastrpc_map_lookup() and get a reference to a map that is about to be deleted. Rewrite fastrpc_map_get() to only increase the reference count of a map if it's non-zero. Propagate this to callers so they can know if a map is about to be deleted. Fixes this warning: refcount_t: addition on 0; use-after-free. WARNING: CPU: 5 PID: 10100 at lib/refcount.c:25 refcount_warn_saturate ... Call trace: refcount_warn_saturate [fastrpc_map_get inlined] [fastrpc_map_lookup inlined] fastrpc_map_create fastrpc_internal_invoke fastrpc_device_ioctl __arm64_sys_ioctl invoke_syscall
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*

History

06 Sep 2024, 14:30

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.0
CWE CWE-416
First Time Linux linux Kernel
Linux
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: misc: fastrpc: corrige la condición de ejecución de use-after-free para mapas. Es posible que entre llamadas a fastrpc_map_get() hasta que se tome map->fl->lock en fastrpc_free_map() , otro hilo puede llamar a fastrpc_map_lookup() y obtener una referencia a un mapa que está a punto de ser eliminado. Vuelva a escribir fastrpc_map_get() para aumentar solo el recuento de referencias de un mapa si no es cero. Propague esto a las personas que llaman para que puedan saber si un mapa está a punto de ser eliminado. Corrige esta advertencia: refcount_t: adición en 0; use-after-free. ADVERTENCIA: CPU: 5 PID: 10100 en lib/refcount.c:25 refcount_warn_saturate... Rastreo de llamadas: refcount_warn_saturate [fastrpc_map_get inlined] [fastrpc_map_lookup inlined] fastrpc_map_create fastrpc_internal_invoke fastrpc_device_ioctl __arm64_sys_ioctl invoke_sy llamar
CPE cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*
References () https://git.kernel.org/stable/c/079c78c68714f7d8d58e66c477b0243b31806907 - () https://git.kernel.org/stable/c/079c78c68714f7d8d58e66c477b0243b31806907 - Patch
References () https://git.kernel.org/stable/c/556dfdb226ce1e5231d8836159b23f8bb0395bf4 - () https://git.kernel.org/stable/c/556dfdb226ce1e5231d8836159b23f8bb0395bf4 - Patch
References () https://git.kernel.org/stable/c/61a0890cb95afec5c8a2f4a879de2b6220984ef1 - () https://git.kernel.org/stable/c/61a0890cb95afec5c8a2f4a879de2b6220984ef1 - Patch
References () https://git.kernel.org/stable/c/96b328d119eca7563c1edcc4e1039a62e6370ecb - () https://git.kernel.org/stable/c/96b328d119eca7563c1edcc4e1039a62e6370ecb - Patch
References () https://git.kernel.org/stable/c/b171d0d2cf1b8387c72c8d325c5d5746fa271e39 - () https://git.kernel.org/stable/c/b171d0d2cf1b8387c72c8d325c5d5746fa271e39 - Patch

21 Aug 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-21 07:15

Updated : 2024-09-06 14:30


NVD link : CVE-2022-48872

Mitre link : CVE-2022-48872

CVE.ORG link : CVE-2022-48872


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-416

Use After Free