Description
A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5.
References (2)
Core 2
Core References
Mailing List, Patch x_refsource_misc
https://lore.kernel.org/all/20220211011552.1861886-1-jk%40codeconstruct.com.au
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220318-0006/
Scores
CVSS v3
7.8
EPSS
0.0033
EPSS Percentile
24.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
CWE-459
Status
published
Products (9)
linux/linux_kernel
5.17 rc1 (5 CPE variants)
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410c_firmware
netapp/h410s_firmware
netapp/h500e_firmware
netapp/h500s_firmware
netapp/h700e_firmware
netapp/h700s_firmware
Published
Feb 18, 2022
Tracked Since
Feb 18, 2026