#VU104465 Use-after-free in Linux kernel - CVE-2022-49275


Vulnerability identifier: #VU104465

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49275

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software: Linux kernel (Operating systems & Components / Operating system)

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the m_can_tx_handler() function in drivers/net/can/m_can/m_can.c. A local user can escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/08d90846e438ac22dc56fc49ec0b0d195831c5ed
https://git.kernel.org/stable/c/2e8e79c416aae1de224c0f1860f2e3350fa171f8
https://git.kernel.org/stable/c/31417073493f302d26ab66b3abc098d43227b835
https://git.kernel.org/stable/c/4db7d6f481990dd179a9ee7126dc7aa31ea4fff3
https://git.kernel.org/stable/c/7728d937ec403a1ceff9483023252d2cb8777f81
https://git.kernel.org/stable/c/869016a2938ac44f7b2fb7fc22c89edad99eb9b3
https://git.kernel.org/stable/c/d3892a747ab16b1eb6593a19d29f62c3b3f020ac
https://git.kernel.org/stable/c/d93ed9aff64968f4cdad690712eb4f48ae537bde
https://git.kernel.org/stable/c/f43e64076ff1b1dcb893fb77ad1204105f710a29


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker needs valid credentials and must successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
