CVE-2022-41222Use After Free in Kernel

CWE-416Use After Free17 documents9 sources
Severity
7.0HIGHNVD
EPSS
0.0%
top 94.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelCanonical Ubuntu LinuxDebian Linux+1 more
Timeline
PublishedSep 21
Latest updateMar 7

Description

mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel5.05.4.211+3
Debianlinux/linux_kernel< 5.10.140-1+3
Ubuntulinux/linux_kernel< 5.4.0-132.148+1

Also affects: Debian Linux 10.0, Ubuntu Linux 18.04, 20.04, 22.04

Patches

Patch: packetstormsecurity.comPatch: bugs.chromium.orgPatch: git.kernel.org

🔴Vulnerability Details

7
OSV
Kernel Live Patch Security Notice2023-02-14
OSV
CVE-2022-41222: In move_page_tables of mremap2023-02-01
OSV
linux-gcp-5.4 vulnerabilities2022-11-29
OSV
linux-azure-fde, linux-gke, linux-gkeop, linux-raspi-5.4 vulnerabilities2022-11-18
GHSA
GHSA-jfpq-w2g4-wcpm: mm/mremap2022-09-22

📋Vendor Advisories

9
Red Hat
kpatch: mm/mremap.c: incomplete fix for CVE-2022-412222023-03-07
Ubuntu
Kernel Live Patch Security Notice2023-02-14
Android
CVE-2022-41222: Kernel memory subsystem2023-02-01
Ubuntu
Linux kernel (GCP) vulnerabilities2022-11-29
Ubuntu
Linux kernel vulnerabilities2022-11-18
CVE-2022-41222 — Use After Free in Linux Kernel | cvebase