PT-2022-5921 · Linux+4 · Linux+4

Zhixin Li

Published

2022-12-11

Updated

2024-09-27

CVE-2022-4382

CVSS v3.1

6.4

Medium

Vector

AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux (affected versions not specified)

Description A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side. The issue is related to the put dev() function and may allow an attacker to cause a denial of service or elevate privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2022-07341

CVE-2022-4382

MGASA-2023-0087

MGASA-2023-0088

OESA-2023-1274

OESA-2023-1275

OPENSUSE-SU-2023_0394-1

OPENSUSE-SU-2023_0433-1

OPENSUSE-SU-2023_0488-1

OPENSUSE-SU-2024_3408-1

OPENSUSE-SU-2024_3483-1

SUSE-SU-2023:0394-1

SUSE-SU-2023:0433-1

SUSE-SU-2023:0488-1

SUSE-SU-2024:3408-1

SUSE-SU-2024:3483-1

USN-5970-1

USN-5978-1

USN-5979-1

USN-5980-1

USN-5982-1

USN-5985-1

USN-5987-1

USN-6004-1

USN-6020-1

USN-6031-1

USN-6032-1

USN-6151-1

Affected Products

Astra Linux

Linux

Linuxmint

Suse

Ubuntu

PT-2022-5921 · Linux+4 · Linux+4

CVE-2022-4382

Weakness Enumeration

Related Identifiers

Affected Products

References · 922