#VU104414 Use-after-free in Linux kernel - CVE-2022-49493


Vulnerability identifier: #VU104414

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49493

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rt5645_i2c_remove() function in sound/soc/codecs/rt5645.c. A local user can escalate privileges on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/061a6159cea583f1155f67d1915917a6b9282662
https://git.kernel.org/stable/c/0941150100173d4eaf3fe08ff4b16740e7c3026f
https://git.kernel.org/stable/c/1a5a3dfd9f172dcb115072f0aea5e27d3083c20e
https://git.kernel.org/stable/c/236d29c5857f02e0a53fdf15d3dce1536c4322ce
https://git.kernel.org/stable/c/2def44d3aec59e38d2701c568d65540783f90f2f
https://git.kernel.org/stable/c/453f0920ffc1a28e28ddb9c3cd5562472b2895b0
https://git.kernel.org/stable/c/7d801e807536a9a9c2146c5f4a5836f154517ed3
https://git.kernel.org/stable/c/88c09e4812d72c3153afc8e5a45ecac2d0eae3ff
https://git.kernel.org/stable/c/abe7554da62cb489712a54de69ef5665c250e564

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
Use-after-free in Linux kernel soc codecs