CVE-2022-1882

HIGH

Linux Kernel 5.10.106-5.10.133 - Use-After-Free in Pipe Notification Handling

Title source: llm

Description

A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system.

References (3)

Core 3

Core References

Issue Tracking, Patch, Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2089701

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220715-0002/

Mailing List

https://lore.kernel.org/lkml/20220507115605.96775-1-tcs.kernel%40gmail.com/T/

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 12.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (9)

linux/linux_kernel 5.10.106 - 5.10.134

netapp/h300e_firmware

netapp/h300s_firmware

netapp/h410c_firmware

netapp/h410s_firmware

netapp/h500e_firmware

netapp/h500s_firmware

netapp/h700e_firmware

netapp/h700s_firmware

Published May 26, 2022

Tracked Since Feb 18, 2026