#VU104469 Use-after-free in Linux kernel - CVE-2022-49114


Vulnerability identifier: #VU104469

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49114

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fc_exch_abts_resp() function in drivers/scsi/libfc/fc_exch.c. A local user can escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/1d7effe5fff9d28e45e18ac3a564067c7ddfe898
https://git.kernel.org/stable/c/271add11994ba1a334859069367e04d2be2ebdd4
https://git.kernel.org/stable/c/412dd8299b02e4410fe77b8396953c1a8dde183a
https://git.kernel.org/stable/c/499d198494e77b6533251b9b909baf5c101129cb
https://git.kernel.org/stable/c/4a131d4ea8b581ac9b01d3a72754db4848be3232
https://git.kernel.org/stable/c/5cf2ce8967b0d98c8cfa4dc42ef4fcf080f5c836
https://git.kernel.org/stable/c/6044ad64f41c87382cfeeca281573d1886d80cbe
https://git.kernel.org/stable/c/87909291762d08fdb60d19069d7a89b5b308d0ef
https://git.kernel.org/stable/c/f581df412bc45c95176e3c808ee2839c05b2ab0c


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

