CVE-2022-48722

MEDIUM

Linux Kernel 4.12-5.16.8 Use-After-Free in IEEE 802.15.4 CA8210 Xmit Error Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: ca8210: Stop leaking skb's Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wake_queue() is called manually. We then leak the skb structure. Free the skb structure upon error before returning.

References (7)

Core 7

Core References

Patch

https://git.kernel.org/stable/c/a1c277b0ed2a13e7de923b5f03bc23586eceb851

Patch

https://git.kernel.org/stable/c/d6a44feb2f28d71a7e725f72d09c97c81561cd9a

Patch

https://git.kernel.org/stable/c/6f38d3a6ec11c2733b1c641a46a2a2ecec57be08

Patch

https://git.kernel.org/stable/c/78b3f20c17cbcb7645bfa63f2ca0e11b53c09d56

Patch

https://git.kernel.org/stable/c/94cd597e20ed4acedb8f15f029d92998b011cb1a

Patch

https://git.kernel.org/stable/c/21feb6df3967541931242c427fe0958276af81cc

Patch

https://git.kernel.org/stable/c/621b24b09eb61c63f262da0c9c5f0e93348897e5

Scores

CVSS v3 5.5

EPSS 0.0022

EPSS Percentile 12.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (24)

linux/Kernel 4.12.0 - 4.14.265linux

linux/Kernel 4.15.0 - 4.19.228linux

linux/Kernel 4.20.0 - 5.4.178linux

linux/Kernel 5.11.0 - 5.15.22linux

linux/Kernel 5.16.0 - 5.16.8linux

linux/Kernel 5.5.0 - 5.10.99linux

Linux/Linux < 4.12

Linux/Linux 4.12

Linux/Linux 4.14.265 - 4.14.*

Linux/Linux 4.19.228 - 4.19.*

... and 14 more

Published Jun 20, 2024

Tracked Since Feb 18, 2026