CVE-2022-2978: Use After Free in Kernel

CWE-416 Use After Free | 25 documents | 7 sources
Severity: 7.8 HIGH (NVD); OSV 7.0; OSV 6.7; OSV 5.5
EPSS: 0.1% (top 80.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 24; latest update Jun 15

Description

A use-after-free flaw was found in the Linux kernel's NILFS file system, in the way a user can trigger the function security_inode_alloc to fail, followed by a call to the function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (5 packages)

NVD | linux/linux_kernel | 2.6.12 | 4.9.331 | +7
Debian | linux/linux_kernel | < 5.10.148-1 | +3
Ubuntu | linux/linux_kernel | < 4.15.0-197.208 | +3
CVEListV5 | linux/linux_kernel | Linux kernel 6.0-rc3
debian | debian/linux | < linux 6.0.2-1 (bookworm)

Also affects: Debian Linux 10.0

🔴 Vulnerability Details (12)

OSV: linux-azure vulnerabilities (2022-12-12)
OSV: linux-gcp-5.4 vulnerabilities (2022-11-29)
OSV: linux-azure-fde, linux-gke, linux-gkeop, linux-raspi-5.4 vulnerabilities (2022-11-18)
OSV: linux-gcp, linux-gcp-4.15 vulnerabilities (2022-11-18)
OSV: linux-gcp-5.15, linux-gke-5.15, linux-intel-iotg, linux-raspi vulnerabilities (2022-11-18)

📋 Vendor Advisories (12)

CISA ICS: Siemens SIMATIC S7-1500 TM MFP Linux Kernel (2023-06-15)
Ubuntu: Linux kernel (Azure) vulnerabilities (2022-12-12)
Ubuntu: Linux kernel (GCP) vulnerabilities (2022-11-29)
Ubuntu: Linux kernel vulnerabilities (2022-11-18)
Ubuntu: Linux kernel (GCP) vulnerabilities (2022-11-18)