SB20240531184 - Use-after-free in Linux kernel mmc host driver
Published: May 31, 2024
Updated: May 14, 2025
Security Bulletin ID: SB20240531184
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Code execution
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2022-48626)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the moxart_remove() function in drivers/mmc/host/moxart-mmc.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/f5dc193167591e88797262ec78515a0cbe79ff5f
- https://git.kernel.org/stable/c/e6f580d0b3349646d4ee1ce0057eb273e8fb7e2e
- https://git.kernel.org/stable/c/9c25d5ff1856b91bd4365e813f566cb59aaa9552
- https://git.kernel.org/stable/c/3a0a7ec5574b510b067cfc734b8bdb6564b31d4e
- https://git.kernel.org/stable/c/be93028d306dac9f5b59ebebd9ec7abcfc69c156
- https://git.kernel.org/stable/c/af0e6c49438b1596e4be8a267d218a0c88a42323
- https://git.kernel.org/stable/c/7f901d53f120d1921f84f7b9b118e87e94b403c5
- https://git.kernel.org/stable/c/bd2db32e7c3e35bd4d9b8bbff689434a50893546
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.266
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.229
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.301
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.100
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.23
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.179