CVE-2022-4379Use After Free in Kernel

CWE-416Use After Free26 documents7 sources
Severity
7.5HIGHNVD
OSV7.8OSV6.4OSV5.5
EPSS
0.4%
top 41.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Linux KernelDebian LinuxFedoraproject Fedora+4 more
Timeline
PublishedJan 10
Latest updateMar 16

Description

A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

NVDlinux/linux_kernel5.65.10.177+2
Debianlinux/linux_kernel< 5.10.178-1+3
Ubuntulinux/linux_kernel< 5.15.0-67.74
CVEListV5linux/linux_kernelLinux kernel through v6.1-rc8
debiandebian/linux< linux 6.1.4-1 (bookworm)

Also affects: Fedora 36, 37

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

11
OSV
linux-intel-iotg vulnerabilities2023-03-16
OSV
linux-kvm vulnerabilities2023-03-09
OSV
linux-gkeop vulnerabilities2023-03-08
OSV
linux-ibm, linux-raspi vulnerabilities2023-03-07
OSV
linux-oem-5.14, linux-oem-5.17 vulnerabilities2023-03-03

📋Vendor Advisories

14
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2023-03-16
Ubuntu
Linux kernel (KVM) vulnerabilities2023-03-14
Ubuntu
Linux kernel (KVM) vulnerabilities2023-03-09
Ubuntu
Linux kernel (GKE) vulnerabilities2023-03-08
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2023-03-07
CVE-2022-4379 — Use After Free in Linux Kernel | cvebase