NVD Vulnerability Detail

CVE-2022-48872

Summary	In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free race condition for maps It is possible that in between calling fastrpc_map_get() until map->fl->lock is taken in fastrpc_free_map(), another thread can call fastrpc_map_lookup() and get a reference to a map that is about to be deleted. Rewrite fastrpc_map_get() to only increase the reference count of a map if it's non-zero. Propagate this to callers so they can know if a map is about to be deleted. Fixes this warning: refcount_t: addition on 0; use-after-free. WARNING: CPU: 5 PID: 10100 at lib/refcount.c:25 refcount_warn_saturate ... Call trace: refcount_warn_saturate [fastrpc_map_get inlined] [fastrpc_map_lookup inlined] fastrpc_map_create fastrpc_internal_invoke fastrpc_device_ioctl __arm64_sys_ioctl invoke_syscall
Publication Date	Aug. 21, 2024, 4:15 p.m.
Registration Date	Aug. 26, 2024, 4:58 p.m.
Last Update	Sept. 6, 2024, 11:30 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	https://git.kernel.org/stable/c/556dfdb226ce1e5231d8836159b23f8bb0395bf4	Patch
2	https://git.kernel.org/stable/c/b171d0d2cf1b8387c72c8d325c5d5746fa271e39	Patch
3	https://git.kernel.org/stable/c/61a0890cb95afec5c8a2f4a879de2b6220984ef1	Patch
4	https://git.kernel.org/stable/c/079c78c68714f7d8d58e66c477b0243b31806907	Patch
5	https://git.kernel.org/stable/c/96b328d119eca7563c1edcc4e1039a62e6370ecb	Patch

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-416	解放済みメモリの使用	https://cwe.mitre.org/data/definitions/416.html

JVN Vulnerability Information

Linux の Linux Kernel における解放済みメモリの使用に関する脆弱性

Title	Linux の Linux Kernel における解放済みメモリの使用に関する脆弱性
Summary	Linux の Linux Kernel には、解放済みメモリの使用に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Nov. 24, 2022, midnight
Registration Date	Sept. 9, 2024, 3:21 p.m.
Last Update	Sept. 9, 2024, 3:21 p.m.

Affected System

Linux

Linux Kernel 5.1 以上 5.4.230 未満

Linux Kernel 5.11 以上 5.15.90 未満

Linux Kernel 5.16 以上 6.2 未満

Linux Kernel 5.5 以上 5.10.165 未満

Linux Kernel 6.2

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2022-48872	https://www.cve.org/CVERecord?id=CVE-2022-48872
National Vulnerability Database (NVD)
2	CVE-2022-48872	https://nvd.nist.gov/vuln/detail/CVE-2022-48872

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-416	https://cwe.mitre.org/data/definitions/416.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	misc: fastrpc: Fix use-after-free race condition for maps (079c78c)	https://git.kernel.org/stable/c/079c78c68714f7d8d58e66c477b0243b31806907
2	misc: fastrpc: Fix use-after-free race condition for maps (556dfdb)	https://git.kernel.org/stable/c/556dfdb226ce1e5231d8836159b23f8bb0395bf4
3	misc: fastrpc: Fix use-after-free race condition for maps (61a0890)	https://git.kernel.org/stable/c/61a0890cb95afec5c8a2f4a879de2b6220984ef1
4	misc: fastrpc: Fix use-after-free race condition for maps (96b328d)	https://git.kernel.org/stable/c/96b328d119eca7563c1edcc4e1039a62e6370ecb
5	misc: fastrpc: Fix use-after-free race condition for maps (b171d0d)	https://git.kernel.org/stable/c/b171d0d2cf1b8387c72c8d325c5d5746fa271e39
Linux Kernel
6	Linux Kernel Archives	https://www.kernel.org

Change Log

No	Changed Details	Date of change
1	[2024年09月09日] 掲載	Sept. 9, 2024, 3:21 p.m.