Description
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
Exploits (2)
nomisec
WORKING POC
by Satheesh575555 · poc
https://github.com/Satheesh575555/linux-4.1.15_CVE-2022-42703
References (5)
Core 5
Core References
Exploit, Mailing List, Third Party Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=2351
Mailing List, Patch, Vendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.7
Mailing List, Patch, Vendor Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2555283eb40df89945557273121e9393ef9b542b
Patch, Third Party Advisory
https://github.com/torvalds/linux/commit/2555283eb40df89945557273121e9393ef9b542b
Exploit, Technical Description, Third Party Advisory
https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html
Scores
CVSS v3
5.5
EPSS
0.0098
EPSS Percentile
76.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-416
Status
published
Products (1)
linux/linux_kernel
< 5.19.7
Published
Oct 09, 2022
Tracked Since
Feb 18, 2026