PT-2022-7610 · Linux+3 · Linux Kernel+3

Published

2022-01-17

Updated

2024-12-04

CVE-2022-48759

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.4.163-lockdep #26

Description The issue is related to a race condition between the release of rpmsg ctrldev and cdev in the Linux kernel. The current code frees the rpmsg ctrldev struct in rpmsg ctrldev release device(), but the cdev is a managed object, and its release is not predictable. This can cause the rpmsg ctrldev to be freed before the cdev is entirely released. The cdev device add/del() API was created to address this issue.

Recommendations To resolve this issue, use the cdev device add/del() API instead of cdev add/del(). This API was created to address the race condition between the release of rpmsg ctrldev and cdev. By using this API, you can ensure that the cdev is properly released before the rpmsg ctrldev is freed.

Exploit

Fix

Use After Free

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-362

Related Identifiers

BDU:2024-07401

CVE-2022-48759

OESA-2024-1793

OPENSUSE-SU-2024_2362-1

OPENSUSE-SU-2024_2372-1

OPENSUSE-SU-2024_2394-1

SUSE-SU-2024:2360-1

SUSE-SU-2024:2362-1

SUSE-SU-2024:2372-1

SUSE-SU-2024:2381-1

SUSE-SU-2024:2384-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2561-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2022-7610 · Linux+3 · Linux Kernel+3

CVE-2022-48759

Weakness Enumeration

Related Identifiers

Affected Products

References · 1408