PT-2022-6247 · Linux+9 · Linux Kernel+9
Hyunwoo Kim
·
Published
2022-11-15
·
Updated
2024-06-15
·
CVE-2022-45919
CVSS v3.1
7.0
High
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.0.10
Description
The issue is related to a use-after-free condition in the Linux kernel's DVB driver, specifically in the drivers/media/dvb-core/dvb ca en50221.c module. This occurs when a device is closed after being disconnected, due to the lack of a wait event. Exploitation of this issue could allow an attacker to cause a denial of service or elevate their privileges.
Recommendations
For Linux kernel versions prior to 6.0.10, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the vulnerable module drivers/media/dvb-core/dvb ca en50221.c to minimize the risk of exploitation.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu