CVE-2022-48919

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17.0-rc3+

Description The vulnerability is related to a double free race condition in the cifs component of the Linux kernel. When cifs get root() fails during cifs smb3 do mount(), the kernel calls deactivate locked super(), which eventually calls delayed free() to free the context. However, in this situation, the kernel should not proceed to enter the out section in cifs smb3 do mount() and free the same resources a second time. This vulnerability can be exploited to impact the confidentiality, integrity, and availability of protected information.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, versions 5.17.0-rc3 and later should be used.

Note: The provided information does not specify the exact version where the fix is included, but it is mentioned that the issue is resolved in version 5.17.0-rc3+. Therefore, updating to this version or later should mitigate the vulnerability.

If updating is not possible, consider implementing additional security measures to minimize the risk of exploitation, such as restricting access to the cifs component or monitoring for suspicious activity. However, these measures are not a replacement for updating the kernel to a patched version.

At the moment, there is no information about other versions that contain a fix for this vulnerability.