CVE-2022-48874

HIGH

Linux Kernel 5.18-6.1.7 - Use-After-Free in fastrpc_map_find

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free and race in fastrpc_map_find Currently, there is a race window between the point when the mutex is unlocked in fastrpc_map_lookup and the reference count increasing (fastrpc_map_get) in fastrpc_map_find, which can also lead to use-after-free. So lets merge fastrpc_map_find into fastrpc_map_lookup which allows us to both protect the maps list by also taking the &fl->lock spinlock and the reference count, since the spinlock will be released only after. Add take_ref argument to make this suitable for all callers.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/a50c5c25b6e7d2824698c0e6385f882a18f4a498

Patch

https://git.kernel.org/stable/c/9446fa1683a7e3937d9970248ced427c1983a1c5

Scores

CVSS v3 7.8

EPSS 0.0023

EPSS Percentile 13.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-416

Status published

Products (8)

linux/Kernel 5.18.0 - 6.1.8linux

Linux/Linux < 5.18

Linux/Linux 5.18

Linux/Linux 6.1.8 - 6.1.*

Linux/Linux 6.2

Linux/Linux 8f6c1d8c4f0cc316b0456788fff8373554d1d99d - 9446fa1683a7e3937d9970248ced427c1983a1c5

Linux/Linux 8f6c1d8c4f0cc316b0456788fff8373554d1d99d - a50c5c25b6e7d2824698c0e6385f882a18f4a498

linux/linux_kernel 5.18 - 6.1.8

Published Aug 21, 2024

Tracked Since Feb 18, 2026