PT-2022-3306 · Linux+5 · Linux Kernel+5

Yuan Ming

·

Published

2022-04-26

·

Updated

2023-08-14

·

CVE-2022-33981

CVSS v3.1

3.3

Low

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17.6
Description The issue is related to a concurrency use-after-free flaw in the raw cmd ioctl function after deallocating raw cmd, which can lead to a denial of service. This flaw is located in the drivers/block/floppy.c component of the Linux kernel.
Recommendations For versions prior to 5.17.6, update to version 5.17.6 or later to resolve the issue. As a temporary workaround, consider disabling the raw cmd ioctl function until a patch is available. Restrict access to the drivers/block/floppy.c component to minimize the risk of exploitation.

Exploit

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2022-1835
ALT-PU-2022-1873
ALT-PU-2022-2152
ALT-PU-2022-2155
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
AZL-9952
BDU:2022-04052
CVE-2022-33981
DLA-3065-1
DSA-5173-1
OESA-2022-1746
OPENSUSE-SU-2022:2549-1
OPENSUSE-SU-2022_2376-1
OPENSUSE-SU-2022_2411-1
OPENSUSE-SU-2022_2422-1
OPENSUSE-SU-2022_2520-1
OPENSUSE-SU-2022_2549-1
OPENSUSE-SU-2022_2615-1
OPENSUSE-SU-2022_3998-1
OPENSUSE-SU-2022_4072-1
OPENSUSE-SU-2022_4617-1
SUSE-SU-2022:2376-1
SUSE-SU-2022:2377-1
SUSE-SU-2022:2379-1
SUSE-SU-2022:2382-1
SUSE-SU-2022:2393-1
SUSE-SU-2022:2407-1
SUSE-SU-2022:2411-1
SUSE-SU-2022:2424-1
SUSE-SU-2022:2424-2
SUSE-SU-2022:2478-1
SUSE-SU-2022:2520-1
SUSE-SU-2022:2549-1
SUSE-SU-2022:2615-1
SUSE-SU-2022:2809-1
SUSE-SU-2022:3998-1
SUSE-SU-2022:4072-1
SUSE-SU-2022:4573-1
SUSE-SU-2022:4617-1
SUSE-SU-2023:0416-1
USN-5514-1
USN-5518-1
USN-5539-1
USN-5560-1
USN-5560-2
USN-5564-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu