CVE-2022-2938: Use After Free in Kernel

CWE-416: Use After Free (7 documents, 7 sources)

Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 91.59%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 23; latest update Aug 24

Description

A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

NVD: linux/linux_kernel 5.2 – 5.4.177 (+3)
Debian: linux/linux_kernel < 5.10.103-1 (+3)
CVEListV5: linux/linux_kernel kernel 5.17

Also affects: Enterprise Linux 8.0, Fedora 35

Patches

Vulnerability Details (3)

GHSA: GHSA-c84m-fxrm-chfh: A flaw was found in the Linux kernel's implementation of Pressure Stall Information (2022-08-24)
CVEList: CVE-2022-2938: A flaw was found in the Linux kernel's implementation of Pressure Stall Information (2022-08-23)
OSV: CVE-2022-2938: A flaw was found in the Linux kernel's implementation of Pressure Stall Information (2022-08-23)

Vendor Advisories (3)

Microsoft: A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default it could allow an attacker to crash the system or have other memory-corrup (2022-08-09)
Red Hat: kernel: use-after-free when psi trigger is destroyed while being polled (2022-01-10)
Debian: CVE-2022-2938: linux - A flaw was found in the Linux kernel's implementation of Pressure Stall Informat... (2022)