Vulnerability identifier: #VU90175
Vulnerability risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_tcp_io_work() function in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/19816a0214684f70b49b25075ff8c402fdd611d3
http://git.kernel.org/stable/c/5914fa32ef1b7766fea933f9eed94ac5c00aa7ff
http://git.kernel.org/stable/c/13c80a6c112467bab5e44d090767930555fc17a5
http://git.kernel.org/stable/c/c3eb461aa56e6fa94fb80442ba2586bd223a8886
http://git.kernel.org/stable/c/160f3549a907a50e51a8518678ba2dcf2541abea
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.