CVE-2022-2526

CWE-416 — Use After Free11 documents8 sources

Severity

9.8CRITICAL

EPSS

0.3%

top 47.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Systemd Project Systemd

Timeline

PublishedSep 9

Latest updateJan 15

Description

A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5systemd-resolvedsystemd 240

▶Debiansystemd< 240-1+3

▶Ubuntusystemd< 237-3ubuntu10.54+1

▶NVDsystemd_project/systemd240

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

systemd regression↗2022-09-14

▶

GHSA

GHSA-f4r4-2gxf-88xj: A use-after-free vulnerability was found in systemd↗2022-09-10

▶

CVEList

CVE-2022-2526: A use-after-free vulnerability was found in systemd↗2022-09-09

▶

OSV

CVE-2022-2526: A use-after-free vulnerability was found in systemd↗2022-09-09

▶

OSV

systemd vulnerability↗2022-08-29

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: ATS Framework (systemd-libs) — CVE-2022-2526↗2023-01-15

▶

Ubuntu

systemd regression↗2022-09-14

▶

Ubuntu

systemd vulnerability↗2022-08-29

▶

Red Hat

systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c↗2022-08-19

▶

Debian

CVE-2022-2526: systemd - A use-after-free vulnerability was found in systemd. This issue occurs due to th...↗2022

▶