CVE-2022-48782

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the mctp route input() function in the Linux kernel's implementation of the Management Component Transport Protocol (MCTP). It involves the reuse of previously freed memory, which could allow an attacker to impact the confidentiality, integrity, and availability of protected information. The problem occurs when mctp key add() fails, and the key is freed but later used in trace mctp key acquire(). To fix this, an else statement should be added to use the key only when mctp key add() is successful.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.