Vulnerability identifier: #VU104448
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the spin_lock() and user_dlm_destroy_lock() functions in fs/ocfs2/dlmfs/userdlm.c.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/02480e2e82ae0e5588374bbbcf4fa6e4959fa174
https://git.kernel.org/stable/c/1434cd71ad9f3a6beda3036972983b6c4869207c
https://git.kernel.org/stable/c/2c5e26a626fe46675bceba853e12aaf13c712e10
https://git.kernel.org/stable/c/337e36550788dbe03254f0593a231c1c4873b20d
https://git.kernel.org/stable/c/733a35c00ef363a1c774d7ea486e0735b7c13a15
https://git.kernel.org/stable/c/82bf8e7271fade40184177cb406203addc34c4a0
https://git.kernel.org/stable/c/863e0d81b6683c4cbc588ad831f560c90e494bef
https://git.kernel.org/stable/c/9c96238fac045b289993d7bc5aae7b2d72b25c76
https://git.kernel.org/stable/c/efb54ec548829e1d3605f0434526f86e345b1b28
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.