PT-2022-7378 · Linux+6 · Linux Kernel+6

Gao Xiang

·

Published

2022-09-05

·

Updated

2026-03-14

·

CVE-2022-48674

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to a use-after-free vulnerability in the erofs file system, specifically in the erofs workgroup unfreeze() function. This vulnerability can cause a race condition, allowing an attacker to potentially impact the confidentiality, integrity, and availability of protected information. The root cause is that erofs workgroup unfreeze() doesn't reset to orig val, thus causing the pcluster to reuse unexpectedly before freeing. This path is considered unnecessary since UP platforms are quite rare now.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2024-04573
CVE-2022-48674
OESA-2024-1617
OESA-2024-1618
OESA-2024-1622
OPENSUSE-SU-2024_4315-1
OPENSUSE-SU-2024_4376-1
SUSE-SU-2024:4315-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4376-1
USN-6951-1
USN-6951-2
USN-6951-3
USN-6951-4
USN-6953-1
USN-6979-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu