PT-2022-7457 · Linux+5 · Linux Kernel+5

John Garry

·

Published

2022-01-31

·

Updated

2025-04-03

·

CVE-2022-48791

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to a use-after-free vulnerability in the pm8001 component of the Linux kernel. This occurs when a TMF sas task is aborted before handling the IO completion in mpi ssp completion(), which happens due to a timeout. As a result, the SAS TASK STATE ABORTED flag is set, and the sas task is freed in pm8001 exec internal tmf task(). However, if the I/O completion occurs later, it still thinks the sas task is available. The fix involves clearing the ccb->task if the TMF times out, ensuring the I/O completion handler does nothing if this pointer is cleared. This vulnerability could allow an attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2024-06525
CVE-2022-48791
OPENSUSE-SU-2024_2947-1
OPENSUSE-SU-2024_3249-1
OPENSUSE-SU-2025_1119-1
OPENSUSE-SU-2025_1123-1
OPENSUSE-SU-2025_1139-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2902-1
SUSE-SU-2024:2929-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:3249-1
SUSE-SU-2024:3304-1
SUSE-SU-2024:3467-1
SUSE-SU-2024:3499-1
SUSE-SU-2024:3559-1
SUSE-SU-2024:3566-1
SUSE-SU-2024:3591-1
SUSE-SU-2025:1088-1
SUSE-SU-2025:1092-1
SUSE-SU-2025:1119-1
SUSE-SU-2025:1123-1
SUSE-SU-2025:1139-1
USN-7022-1
USN-7022-2
USN-7022-3
USN-7028-1
USN-7028-2
USN-7039-1
USN-7119-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu