PT-2022-7437 · Linux+3 · Linux Kernel+3

Published

2022-09-21

·

Updated

2024-10-27

·

CVE-2022-48660

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the request threaded irq() function in the gpiolib component of the Linux kernel, which can cause a repeated release of memory, potentially leading to a denial of service. When running a gpio test on the nxp-ls1028 platform with the command gpiomon --num-events=3 --rising-edge gpiochip1 25, a warning trace may occur due to the lineevent state::irq being set before the IRQ register is successful, causing the subsequent invocation of free irq() to trigger a warning call trace. The lineevent free() function is invoked to release the resource after the request threaded irq() function fails.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

BDU:2024-06335
CVE-2022-48660
OESA-2024-1647
OESA-2024-1648
OPENSUSE-SU-2024_1641-1
OPENSUSE-SU-2024_1644-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
SUSE-SU-2024:1641-1
SUSE-SU-2024:1644-1
SUSE-SU-2024:1647-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse