CVE-2022-1882: Use After Free in Kernel

CWE-416: Use After Free | 14 documents | 8 sources

Severity
NVD: 7.8 HIGH
OSV: 6.7
EPSS: 0.0% (top 91.42%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: May 26
Latest update: Jun 15

Description

A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user manipulates a pipe so that post_one_notification() is reached after free_pipe_info() has already been called. This flaw allows a local user to crash the system or potentially escalate their privileges on it.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (11 packages)

debian | debian/linux | < linux 5.18.16-1 (bookworm)
NVD | linux/linux_kernel | 5.10.106 | 5.10.134 | +2
Debian | linux/linux_kernel | < 5.10.136-1 | +3
Ubuntu | linux/linux_kernel | < 5.15.0-50.56
CVEListV5 | linux/linux_kernel | Linux kernel 5.18-rc8

Patches

🔴 Vulnerability Details (5)

OSV | linux-intel-iotg vulnerabilities | 2022-10-26
OSV | linux-ibm vulnerabilities | 2022-10-14
OSV | linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-raspi vu | 2022-10-10
GHSA | GHSA-hmjf-2pvf-jr4v: A flaw use after free in the Linux kernel pipes functionality was found in the way user do some manipulations with pipe ex | 2022-05-27
OSV | CVE-2022-1882: A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() a | 2022-05-26

📋 Vendor Advisories (8)

CISA ICS | Siemens SIMATIC S7-1500 TM MFP BIOS | 2023-06-15
CISA ICS | Siemens SIMATIC S7-1500 TM MFP Linux Kernel | 2023-06-15
Ubuntu | Linux kernel (Intel IoTG) vulnerabilities | 2022-10-26
Ubuntu | Linux kernel (IBM) vulnerabilities | 2022-10-14
Ubuntu | Linux kernel vulnerabilities | 2022-10-10
CVE-2022-1882 — Use After Free in Linux Kernel | cvebase