CVE-2022-48742

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-48742
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() While looking at one unrelated syzbot bug, I found the replay logic in __rtnl_newlink() to potentially trigger use-after-free. It is better to clear master_dev and m_ops inside the loop, in case we have to replay it.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/2cf180360d66bd657e606c1217e0e668e6faa303 Mailing List Patch
https://git.kernel.org/stable/c/36a9a0aee881940476b254e0352581401b23f210 Mailing List Patch
https://git.kernel.org/stable/c/3bbe2019dd12b8d13671ee6cda055d49637b4c39 Mailing List Patch
https://git.kernel.org/stable/c/7d9211678c0f0624f74cdff36117ab8316697bb8 Mailing List Patch
https://git.kernel.org/stable/c/a01e60a1ec6bef9be471fb7182a33c6d6f124e93 Mailing List Patch
https://git.kernel.org/stable/c/bd43771ee9759dd9dfae946bff190e2c5a120de5 Mailing List Patch
https://git.kernel.org/stable/c/c6f6f2444bdbe0079e41914a35081530d0409963 Mailing List Patch
https://git.kernel.org/stable/c/def5e7070079b2a214b3b1a2fbec623e6fbfe34a Mailing List Patch
https://git.kernel.org/stable/c/2cf180360d66bd657e606c1217e0e668e6faa303 Mailing List Patch
https://git.kernel.org/stable/c/36a9a0aee881940476b254e0352581401b23f210 Mailing List Patch
https://git.kernel.org/stable/c/3bbe2019dd12b8d13671ee6cda055d49637b4c39 Mailing List Patch
https://git.kernel.org/stable/c/7d9211678c0f0624f74cdff36117ab8316697bb8 Mailing List Patch
https://git.kernel.org/stable/c/a01e60a1ec6bef9be471fb7182a33c6d6f124e93 Mailing List Patch
https://git.kernel.org/stable/c/bd43771ee9759dd9dfae946bff190e2c5a120de5 Mailing List Patch
https://git.kernel.org/stable/c/c6f6f2444bdbe0079e41914a35081530d0409963 Mailing List Patch
https://git.kernel.org/stable/c/def5e7070079b2a214b3b1a2fbec623e6fbfe34a Mailing List Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

21 Nov 2024, 07:33

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/2cf180360d66bd657e606c1217e0e668e6faa303 - Mailing List, Patch () https://git.kernel.org/stable/c/2cf180360d66bd657e606c1217e0e668e6faa303 - Mailing List, Patch
References () https://git.kernel.org/stable/c/36a9a0aee881940476b254e0352581401b23f210 - Mailing List, Patch () https://git.kernel.org/stable/c/36a9a0aee881940476b254e0352581401b23f210 - Mailing List, Patch
References () https://git.kernel.org/stable/c/3bbe2019dd12b8d13671ee6cda055d49637b4c39 - Mailing List, Patch () https://git.kernel.org/stable/c/3bbe2019dd12b8d13671ee6cda055d49637b4c39 - Mailing List, Patch
References () https://git.kernel.org/stable/c/7d9211678c0f0624f74cdff36117ab8316697bb8 - Mailing List, Patch () https://git.kernel.org/stable/c/7d9211678c0f0624f74cdff36117ab8316697bb8 - Mailing List, Patch
References () https://git.kernel.org/stable/c/a01e60a1ec6bef9be471fb7182a33c6d6f124e93 - Mailing List, Patch () https://git.kernel.org/stable/c/a01e60a1ec6bef9be471fb7182a33c6d6f124e93 - Mailing List, Patch
References () https://git.kernel.org/stable/c/bd43771ee9759dd9dfae946bff190e2c5a120de5 - Mailing List, Patch () https://git.kernel.org/stable/c/bd43771ee9759dd9dfae946bff190e2c5a120de5 - Mailing List, Patch
References () https://git.kernel.org/stable/c/c6f6f2444bdbe0079e41914a35081530d0409963 - Mailing List, Patch () https://git.kernel.org/stable/c/c6f6f2444bdbe0079e41914a35081530d0409963 - Mailing List, Patch
References () https://git.kernel.org/stable/c/def5e7070079b2a214b3b1a2fbec623e6fbfe34a - Mailing List, Patch () https://git.kernel.org/stable/c/def5e7070079b2a214b3b1a2fbec623e6fbfe34a - Mailing List, Patch

20 Aug 2024, 13:44

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
References () https://git.kernel.org/stable/c/2cf180360d66bd657e606c1217e0e668e6faa303 - () https://git.kernel.org/stable/c/2cf180360d66bd657e606c1217e0e668e6faa303 - Mailing List, Patch
References () https://git.kernel.org/stable/c/36a9a0aee881940476b254e0352581401b23f210 - () https://git.kernel.org/stable/c/36a9a0aee881940476b254e0352581401b23f210 - Mailing List, Patch
References () https://git.kernel.org/stable/c/3bbe2019dd12b8d13671ee6cda055d49637b4c39 - () https://git.kernel.org/stable/c/3bbe2019dd12b8d13671ee6cda055d49637b4c39 - Mailing List, Patch
References () https://git.kernel.org/stable/c/7d9211678c0f0624f74cdff36117ab8316697bb8 - () https://git.kernel.org/stable/c/7d9211678c0f0624f74cdff36117ab8316697bb8 - Mailing List, Patch
References () https://git.kernel.org/stable/c/a01e60a1ec6bef9be471fb7182a33c6d6f124e93 - () https://git.kernel.org/stable/c/a01e60a1ec6bef9be471fb7182a33c6d6f124e93 - Mailing List, Patch
References () https://git.kernel.org/stable/c/bd43771ee9759dd9dfae946bff190e2c5a120de5 - () https://git.kernel.org/stable/c/bd43771ee9759dd9dfae946bff190e2c5a120de5 - Mailing List, Patch
References () https://git.kernel.org/stable/c/c6f6f2444bdbe0079e41914a35081530d0409963 - () https://git.kernel.org/stable/c/c6f6f2444bdbe0079e41914a35081530d0409963 - Mailing List, Patch
References () https://git.kernel.org/stable/c/def5e7070079b2a214b3b1a2fbec623e6fbfe34a - () https://git.kernel.org/stable/c/def5e7070079b2a214b3b1a2fbec623e6fbfe34a - Mailing List, Patch
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: rtnetlink: asegúrese de actualizar master_dev/m_ops en __rtnl_newlink() Mientras observaba un error de syzbot no relacionado, encontré la lógica de reproducción en __rtnl_newlink() para activar potencialmente el use-after-free. Es mejor borrar master_dev y m_ops dentro del bucle, en caso de que tengamos que reproducirlo.
First Time Linux linux Kernel
Linux
CWE CWE-416

20 Jun 2024, 12:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-20 12:15

Updated : 2024-11-21 07:33

NVD link : CVE-2022-48742

Mitre link : CVE-2022-48742

CVE.ORG link : CVE-2022-48742

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-416

Use After Free


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024