CVE-2022-1280Use After Free in Kernel

CWE-416Use After Free6 documents6 sources
Severity
6.3MEDIUMNVD
EPSS
0.0%
top 94.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux KernelRedhat Enterprise Linux
Timeline
PublishedApr 13
Latest updateApr 14

Description

A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.0 | Impact: 5.2

Affected Packages3 packages

Debianlinux/linux_kernel< 5.15.3-1+2
NVDlinux/linux_kernel5.175.17.4
CVEListV5linux/linux_kernelkernel 5.17.x

Also affects: Enterprise Linux 8.0

🔴Vulnerability Details

3
GHSA
GHSA-26c6-8j4f-jwqh: A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease2022-04-14
OSV
CVE-2022-1280: A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease2022-04-13
CVEList
CVE-2022-1280: A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease2022-04-13

📋Vendor Advisories

2
Red Hat
kernel: concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources2022-04-07
Debian
CVE-2022-1280: linux - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/dr...2022
CVE-2022-1280 — Use After Free in Linux Kernel | cvebase