CVE-2022-48892

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a use-after-free bug in the dup user cpus ptr() function. This bug can be exploited when the sched setaffinity() function is invoked from another process while the process being modified is undergoing a fork operation. The bug can lead to a use-after-free and possibly a double-free in the arm64 kernel. The problem arises because dup user cpus ptr() accesses user cpus ptr without any lock protection, even though the setting and clearing of user cpus ptr are done under pi lock for the arm64 architecture.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.