PT-2021-6100 · Linux+4 · Linux Kernel+4

Pedro Sampaio · Published 2021-05-11 · Updated 2024-08-19 · CVE-2022-0487

CVSS v2.0: 6.0 (Medium)

Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.14-rc1

Description

A use-after-free vulnerability was found in the rtsx_usb_ms_drv_remove function in the memstick component of the Linux kernel. This issue is related to the use of memory after it has been freed. Exploitation of this vulnerability may allow an attacker with user privileges to impact system confidentiality.

Recommendations

For Linux kernel versions prior to 5.14-rc1, update to version 5.14-rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to the rtsx_usb_ms_drv_remove function in the memstick component until a patch is available.

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2021-2824
ALT-PU-2021-2926
ALT-PU-2021-3041
ALT-PU-2021-3563
ALT-PU-2021-3573
ALT-PU-2022-1240
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2023-1814
ALT-PU-2023-4894
BDU:2022-00789
CVE-2022-0487
DLA-2940-1
DLA-2941-1
DSA-5095-1
DSA-5096-1
OESA-2022-1534
OPENSUSE-SU-2022:0768-1
OPENSUSE-SU-2022:1037-1
OPENSUSE-SU-2022:1039-1
OPENSUSE-SU-2022_0768-1
OPENSUSE-SU-2022_1037-1
OPENSUSE-SU-2022_1039-1
OPENSUSE-SU-2024_1489-1
SUSE-SU-2022:0757-1
SUSE-SU-2022:0759-1
SUSE-SU-2022:0765-1
SUSE-SU-2022:0766-1
SUSE-SU-2022:0767-1
SUSE-SU-2022:0768-1
SUSE-SU-2022:0978-1
SUSE-SU-2022:1012-1
SUSE-SU-2022:1035-1
SUSE-SU-2022:1037-1
SUSE-SU-2022:1038-1
SUSE-SU-2022:1039-1
SUSE-SU-2022:1257-1
SUSE-SU-2024:1454-1
SUSE-SU-2024:1489-1
SUSE-SU-2024:1643-1
SUSE-SU-2024:1646-1
SUSE-SU-2024:1870-1
USN-6001-1
USN-6013-1
USN-6014-1

Affected Products

Alt Linux
Astra Linux
Linux Kernel
Suse
Ubuntu