CVE-2022-48742
HIGHLinux Kernel Use-After-Free in rtnetlink __rtnl_newlink
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() While looking at one unrelated syzbot bug, I found the replay logic in __rtnl_newlink() to potentially trigger use-after-free. It is better to clear master_dev and m_ops inside the loop, in case we have to replay it.
References (8)
Core 8
Core References
Mailing List, Patch
https://git.kernel.org/stable/c/2cf180360d66bd657e606c1217e0e668e6faa303
Mailing List, Patch
https://git.kernel.org/stable/c/7d9211678c0f0624f74cdff36117ab8316697bb8
Mailing List, Patch
https://git.kernel.org/stable/c/a01e60a1ec6bef9be471fb7182a33c6d6f124e93
Mailing List, Patch
https://git.kernel.org/stable/c/bd43771ee9759dd9dfae946bff190e2c5a120de5
Mailing List, Patch
https://git.kernel.org/stable/c/3bbe2019dd12b8d13671ee6cda055d49637b4c39
Mailing List, Patch
https://git.kernel.org/stable/c/def5e7070079b2a214b3b1a2fbec623e6fbfe34a
Mailing List, Patch
https://git.kernel.org/stable/c/36a9a0aee881940476b254e0352581401b23f210
Mailing List, Patch
https://git.kernel.org/stable/c/c6f6f2444bdbe0079e41914a35081530d0409963
Scores
CVSS v3
7.8
EPSS
0.0024
EPSS Percentile
14.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-416
Status
published
Products (26)
linux/Kernel
3.14.0 - 4.9.300linux
linux/Kernel
4.10.0 - 4.14.265linux
linux/Kernel
4.15.0 - 4.19.228linux
linux/Kernel
4.20.0 - 5.4.177linux
linux/Kernel
5.11.0 - 5.15.20linux
linux/Kernel
5.16.0 - 5.16.6linux
linux/Kernel
5.5.0 - 5.10.97linux
Linux/Linux
< 3.14
Linux/Linux
3.14
Linux/Linux
4.14.265 - 4.14.*
... and 16 more
Published
Jun 20, 2024
Tracked Since
Feb 18, 2026