CVE-2022-1652 — Use After Free in Kernel

CWE-416 — Use After Free CWE-20 — Improper Input Validation32 documents10 sources

Severity

7.8HIGHNVD

OSV7.0OSV4.4CISA7.2

EPSS

0.1%

top 65.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Redhat Enterprise Linux

Timeline

PublishedJun 2

Latest updateApr 13

Description

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDlinux/linux_kernel2.6.12 — 4.9.316+6

▶Debianlinux/linux_kernel< 5.10.120-1+3

▶Ubuntulinux/linux_kernel< 4.15.0-191.202+3

▶CVEListV5linux/linux_kernelLinux Kernel through 5.17.5

Also affects: Debian Linux 10.0, Enterprise Linux 9.0

🔴Vulnerability Details

OSV

linux-azure-fde vulnerabilities↗2022-08-25

▶

OSV

linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-ibm, linux-kvm, linux-oracle, linux-raspi vulnerabilities↗2022-08-10

▶

OSV

linux, linux-aws, linux-azure-4.15, linux-dell300x, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2022-08-10

▶

OSV

linux-intel-iotg vulnerabilities↗2022-08-10

▶

OSV

linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities↗2022-08-10

▶

📋Vendor Advisories

CISA ICS

Siemens SCALANCE XCM332↗2023-04-13

▶

CISA ICS

Siemens SCALANCE, RUGGEDCOM Third-Party↗2023-03-16

▶

Ubuntu

Linux kernel (Azure CVM) vulnerabilities↗2022-08-25

▶

Ubuntu

Linux kernel (Intel IoTG) vulnerabilities↗2022-08-10

▶

Ubuntu

Linux kernel vulnerabilities↗2022-08-10

▶