PT-2022-4754 · Linux+6 · Linux Kernel+6

Hyunwoo Kim

·

Published

2022-09-09

·

Updated

2023-08-14

·

CVE-2022-40307

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.19.8
Description The issue is related to a use-after-free condition in the Linux kernel, specifically in the drivers/firmware/efi/capsule-loader.c component. This condition arises due to a race condition, which can be exploited by a remote attacker to potentially elevate privileges or cause a denial of service.
Recommendations For Linux kernel versions through 5.19.8, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the capsule-loader.c component until a patch is available. Avoid using the affected component in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-362

Related Identifiers

ALT-PU-2022-2621
ALT-PU-2022-2691
ALT-PU-2022-2915
ALT-PU-2022-2919
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
AZL-10904
BDU:2022-05654
CVE-2022-40307
DLA-3131-1
DLA-3173-1
DSA-5257-1
DSA-5257-2
MGASA-2022-0379
MGASA-2022-0380
OESA-2022-1942
OESA-2022-1966
OESA-2022-1967
OPENSUSE-SU-2022_4574-1
SUSE-SU-2022:3810-1
SUSE-SU-2022:4272-1
SUSE-SU-2022:4273-1
SUSE-SU-2022:4561-1
SUSE-SU-2022:4573-1
SUSE-SU-2022:4574-1
SUSE-SU-2022:4589-1
SUSE-SU-2022:4611-1
SUSE-SU-2022:4614-1
SUSE-SU-2022:4615-1
USN-5790-1
USN-5791-1
USN-5791-2
USN-5791-3
USN-5792-1
USN-5792-2
USN-5793-1
USN-5793-2
USN-5793-3
USN-5793-4
USN-5815-1
USN-5877-1
USN-6071-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu