CVE-2022-2318: Use After Free in Kernel

CWE-416: Use After Free | 50 documents | 7 sources
Severity
5.5 MEDIUM (NVD)
OSV 6.7 | OSV 5.9 | OSV 4.4 | OSV 4.3
EPSS
0.1%
top 73.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 6
Latest update: Apr 12

Description

There are use-after-free vulnerabilities caused by the timer handler in net/rose/rose_timer.c of Linux that allow attackers to crash the Linux kernel without any privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (7 packages)

NVD: linux/linux_kernel < 5.19 (+1)
Debian: linux/linux_kernel < 5.10.127-2 (+3)
Ubuntu: linux/linux_kernel < 4.15.0-194.205 (+3)
CVEListV5: linux/linux_kernel, Linux Kernel version prior to kernel 5.19 rc5
debian: debian/linux < linux 5.18.14-1 (bookworm)

Also affects: Debian Linux 10.0, 11.0

Patches

🔴 Vulnerability Details (25)

OSV: linux, linux-kvm, linux-lts-xenial vulnerabilities (2023-04-12)
OSV: linux-aws vulnerabilities (2023-04-06)
OSV: linux-azure-fde vulnerabilities (2022-10-27)
OSV: linux-gcp vulnerabilities (2022-10-21)
OSV: linux-oem-5.17 vulnerabilities (2022-10-19)

📋 Vendor Advisories (24)

Ubuntu: Linux kernel (AWS) vulnerabilities (2023-04-12)
Ubuntu: Linux kernel vulnerabilities (2023-04-12)
Ubuntu: Linux kernel (AWS) vulnerabilities (2023-04-06)
Ubuntu: Linux kernel (Azure CVM) vulnerabilities (2022-10-27)
Ubuntu: Linux kernel (GCP) vulnerabilities (2022-10-21)