CVE-2022-0487Use After Free in Kernel

CWE-416Use After Free12 documents8 sources
Severity
5.5MEDIUMNVD
OSV5.9
EPSS
0.1%
top 84.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelDebian LinuxRedhat Enterprise Linux
Timeline
PublishedFeb 4
Latest updateApr 12

Description

A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

Debianlinux/linux_kernel< 5.10.103-1+3
Ubuntulinux/linux_kernel< 4.4.0-239.273
NVDlinux/linux_kernel5.13.19
CVEListV5linux/linux_kernelkernel 5.14 rc1

Also affects: Debian Linux 11.0, 9.0, Enterprise Linux 8.0

Patches

Patch: bugzilla.redhat.comPatch: git.kernel.orgPatch: bugzilla.redhat.com

🔴Vulnerability Details

5
OSV
linux, linux-kvm, linux-lts-xenial vulnerabilities2023-04-12
OSV
linux-aws vulnerabilities2023-04-06
GHSA
GHSA-g6g9-f4gj-gxqv: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms2022-02-10
CVEList
CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms2022-02-04
OSV
CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms2022-02-04

📋Vendor Advisories

6
Ubuntu
Linux kernel (AWS) vulnerabilities2023-04-12
Ubuntu
Linux kernel vulnerabilities2023-04-12
Ubuntu
Linux kernel (AWS) vulnerabilities2023-04-06
Microsoft
A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw a local attacker with a user privilege may impac2022-02-08
Red Hat
kernel: use after free in moxart_remove2022-01-11
CVE-2022-0487 — Use After Free in Linux Kernel | cvebase