CVE-2022-3424Use After Free in Kernel

CWE-416Use After Free43 documents7 sources
Severity
7.8HIGHNVD
OSV8.8OSV7.0OSV5.5
EPSS
0.0%
top 93.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux KernelRedhat Enterprise Linux
Timeline
PublishedMar 6
Latest updateJul 6

Description

A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel2.6.334.9.337+7
Debianlinux/linux_kernel< 5.10.178-1+3
Ubuntulinux/linux_kernel< 4.15.0-208.220+2
CVEListV5linux/linux_kernelunknown

Also affects: Enterprise Linux 9.0

Patches

Patch: bugzilla.redhat.comPatch: github.comPatch: www.spinics.net

🔴Vulnerability Details

22
GHSA
GHSA-292m-p3v4-44h4: A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, wher2023-07-06
OSV
linux-snapdragon vulnerabilities2023-04-19
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi vulnerabilities2023-04-19
OSV
linux-intel-iotg vulnerabilities2023-04-11
OSV
linux-gcp vulnerabilities2023-04-11

📋Vendor Advisories

20
Ubuntu
Linux kernel vulnerabilities2023-04-19
Ubuntu
Linux kernel (Qualcomm Snapdragon) vulnerabilities2023-04-19
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2023-04-11
Ubuntu
Linux kernel (GCP) vulnerabilities2023-04-11
Ubuntu
Linux kernel (BlueField) vulnerabilities2023-04-05
CVE-2022-3424 — Use After Free in Linux Kernel | cvebase