CVE-2022-1419: Use After Free in Kernel

Severity
7.8 HIGH (NVD)
OSV 7.0
OSV 6.5
EPSS: 0.1% (top 78.58%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 2
Latest update: Mar 27

Description

The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object* (created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create* will access the freed drm_vgem_gem_object.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (5 packages)

debian: debian/linux < linux 5.5.13-1 (bookworm)
NVD: linux/linux_kernel < 5.6 +1
Debian: linux/linux_kernel < 5.5.13-1 +3
Ubuntu: linux/linux_kernel < 4.15.0-184.194 +1
CVEListV5: linux/linux_kernel kernel 5.x

Also affects: Debian Linux 10.0

🔴 Vulnerability Details (6)

OSV: linux-aws vulnerabilities (2022-07-13)
OSV: linux-lts-xenial, linux-kvm vulnerabilities (2022-07-07)
OSV: linux, linux-aws vulnerabilities (2022-07-01)
OSV: linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities (2022-06-08)
GHSA: GHSA-r5wp-fr43-744h: The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object* (created in *vgem_ge (2022-06-03)

📋 Vendor Advisories (7)

Red Hat: kernel: f2fs: initialize locks earlier in f2fs_fill_super() (2025-03-27)
Ubuntu: Linux kernel (AWS) vulnerabilities (2022-07-13)
Ubuntu: Linux kernel vulnerabilities (2022-07-07)
Ubuntu: Linux kernel vulnerabilities (2022-07-01)
Ubuntu: Linux kernel vulnerabilities (2022-06-08)