PT-2021-7644 · Google+1 · Android Kernel+1

Published: 2021-11-06 · Updated: 2022-08-13 · CVE-2022-20158

CVSS v2.0: 6.8 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to the fixed version
Android kernel

Description

The issue is a memory corruption vulnerability in the backing-dev.c file of the Linux kernel, specifically in the bdi_put() and bdi_unregister() functions. It is caused by the use of previously freed memory, which could allow an attacker to cause a denial of service. The vulnerability could also lead to local escalation of privilege, with System execution privileges needed. User interaction is not required for exploitation.

Recommendations

For Linux kernel versions prior to the fixed version: update to a version that includes the fix for this issue. For Android kernel: apply the patch from the upstream kernel to resolve the issue. As a temporary workaround, consider restricting access to the bdi_put() and bdi_unregister() functions until a patch is available.

Fix

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2023-00745
CVE-2022-20158

Affected Products

Android Kernel
Linux Kernel