PT-2022-1378 · Linux · Linux Kernel

Jann Horn · Published 2022-08-31 · Updated 2026-04-01 · CVE-2022-42703

CVSS v3.1: 5.5 Medium (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Name of the Vulnerable Software and Affected Versions
kernel versions prior to 5.19.7
kernel-image-centos version 5.14.0.192-alt1.el9
kernel-image-rpi-un version 6.0.2-alt1
Description
The Linux kernel contains a use-after-free vulnerability in mm/rmap.c. The flaw is related to double reuse of a leaf anon_vma and can lead to a system crash or, in some cases, local privilege escalation. The vulnerability exists in multiple functions within rmap.c and requires no user interaction to exploit. Exploitation involves memory corruption and can allow an attacker to gain control of the system.
Recommendations
Update the kernel to version 5.19.7 or later. Update kernel-image-centos to version 5.14.0.192-alt1.el9. Update kernel-image-rpi-un to version 6.0.2-alt1.

Exploit

Fix

Weakness Enumeration: Use After Free

Related Identifiers

ALSA-2023:2148
ALSA-2023:2458
ALSA-2023:2736
ALSA-2023:2951
ALT-PU-2022-2573
ALT-PU-2022-2594
ALT-PU-2022-2915
ALT-PU-2022-2919
ALT-PU-2022-3066
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
ASB-A-253167854
BDU:2023-01301
CESA-2023_1091
CESA-2023_2736
CESA-2023_2951
CVE-2022-42703
ELSA-2023-1091
ELSA-2023-2458
ELSA-2023-2951
MGASA-2022-0324
MGASA-2022-0380
OESA-2022-2013
OESA-2022-2014
OESA-2022-2015
OPENSUSE-SU-2022_3897-1
OPENSUSE-SU-2022_3998-1
OPENSUSE-SU-2022_4053-1
OPENSUSE-SU-2022_4072-1
OPENSUSE-SU-2022_4574-1
OPENSUSE-SU-2022_4617-1
RHSA-2023:1091
RHSA-2023:1092
RHSA-2023:2148
RHSA-2023:2458
RHSA-2023:2736
RHSA-2023:2951
RHSA-2023:3388
RHSA-2023:4137
RHSA-2023:4138
RHSA-2023_1091
RHSA-2023_1092
RHSA-2023_2148
RHSA-2023_2458
RHSA-2023_2736
RHSA-2023_2951
SUSE-SU-2022:3897-1
SUSE-SU-2022:3929-1
SUSE-SU-2022:3998-1
SUSE-SU-2022:4024-1
SUSE-SU-2022:4027-1
SUSE-SU-2022:4030-1
SUSE-SU-2022:4033-1
SUSE-SU-2022:4034-1
SUSE-SU-2022:4035-1
SUSE-SU-2022:4039-1
SUSE-SU-2022:4053-1
SUSE-SU-2022:4072-1
SUSE-SU-2022:4100-1
SUSE-SU-2022:4112-1
SUSE-SU-2022:4113-1
SUSE-SU-2022:4129-1
SUSE-SU-2022:4272-1
SUSE-SU-2022:4273-1
SUSE-SU-2022:4561-1
SUSE-SU-2022:4573-1
SUSE-SU-2022:4574-1
SUSE-SU-2022:4589-1
SUSE-SU-2022:4611-1
SUSE-SU-2022:4614-1
SUSE-SU-2022:4615-1
SUSE-SU-2022:4617-1
SUSE-SU-2022_3897-1
SUSE-SU-2022_3929-1
SUSE-SU-2022_3998-1
SUSE-SU-2022_4053-1
SUSE-SU-2022_4072-1
SUSE-SU-2022_4272-1
SUSE-SU-2022_4273-1
SUSE-SU-2022_4573-1
SUSE-SU-2022_4574-1
SUSE-SU-2022_4615-1
USN-5728-1
USN-5728-2
USN-5728-3
USN-5755-1
USN-5755-2
USN-5756-1
USN-5756-2
USN-5756-3
USN-5757-1
USN-5757-2
USN-5758-1
USN-5773-1
USN-5774-1
USN-5779-1
USN-5789-1
USN-5916-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
SUSE
Ubuntu