#VU104441 Use-after-free in Linux kernel - CVE-2022-49700


Vulnerability identifier: #VU104441

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49700

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the next_tid() function in mm/slub.c. A local user can escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/0515cc9b6b24877f59b222ade704bfaa42caa2a6
https://git.kernel.org/stable/c/197e257da473c725dfe47759c3ee02f2398d8ea5
https://git.kernel.org/stable/c/308c6d0e1f200fd26c71270c6e6bfcf0fc6ff082
https://git.kernel.org/stable/c/6c32496964da0dc230cea763a0e934b2e02dabd5
https://git.kernel.org/stable/c/d6a597450e686d4c6388bd3cdcb17224b4dae7f0
https://git.kernel.org/stable/c/e2b2f0e2e34d71ae6c2a1114fd3c525930e84bc7
https://git.kernel.org/stable/c/e7e3e90d671078455a3a08189f89d85b3da2de9e
https://git.kernel.org/stable/c/eeaa345e128515135ccb864c04482180c08e3259


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

