CVE-2022-1973 — Use After Free in Kernel
CWE-416 — Use After Free
CWE-1341 — Multiple Releases of Same Resource or Handle
17 documents, 6 sources
Severity
7.1 HIGH (NVD)
OSV: 7.8, OSV: 5.5
EPSS
0.1%
top 68.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 5
Latest update: Sep 21
Description
A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2
Affected Packages: 7 packages
Also affects: Fedora 35, 36
Vulnerability Details
OSV: 7
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-ibm, linux-kvm, linux-lowlatency vulnerabilities (2022-09-02)