CVE-2022-48788 — Use After Free in Linux

CWE-416 — Use After Free6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 97.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +4 more

Timeline

PublishedJul 16

Description

In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport error_recovery work While nvme_rdma_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in order to fully prevent a race where this check is not reliable the error recovery work must flush async_event_work before continuing to destroy the admin queue after setting the ctrl state to RESETTING such that there is …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

▶NVDlinux/linux_kernel4.20 — 5.4.181+5

▶Debianlinux/linux_kernel< 5.10.103-1+3

▶CVEListV5linux/linux7110230719602852481c2793d054f866b2bf4a2b — 5593f72d1922403c11749532e3a0aa4cf61414e9+6

▶debiandebian/linux< linux 5.16.11-1 (bookworm)

▶msrcmsrc/cbl2_kernel_5.15.32.1-3_on_cbl_mariner_2.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

CVE-2022-48788: In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport error_recovery work While nvme↗2024-07-16

▶

GHSA

GHSA-grc2-v3f8-wj3j: In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport error_recovery work While nv↗2024-07-16

▶

📋Vendor Advisories

Red Hat

kernel: nvme-rdma: fix possible use-after-free in transport error_recovery work↗2024-07-16

▶

Microsoft

nvme-rdma: fix possible use-after-free in transport error_recovery work↗2024-07-09

▶

Debian

CVE-2022-48788: linux - In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: ...↗2022

▶