PT-2022-7471 · Linux+3 · Linux Kernel+3

Moshe Shemesh

Published

2022-03-09

Updated

2024-09-16

CVE-2022-48858

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a race condition in the net/mlx5 component of the Linux kernel, which can lead to a refcount use after free warning. This occurs when one command releases its last refcount and frees its index and entry, while another process running the command flush flow takes a refcount to this command entry. The process handling commands flush may see this command as needed to be flushed if the other process released its refcount but didn't release the index yet. The fix involves adding a needed spin lock to resolve the race condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-362

Related Identifiers

BDU:2024-06613

CVE-2022-48858

OPENSUSE-SU-2024_2947-1

OPENSUSE-SU-2024_3249-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:3225-1

SUSE-SU-2024:3249-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2022-7471 · Linux+3 · Linux Kernel+3

CVE-2022-48858

Weakness Enumeration

Related Identifiers

Affected Products

References · 1298