PT-2023-9335 · Linux+2 · Linux Kernel+2
David Wang
·
Published
2023-01-09
·
Updated
2024-08-29
·
CVE-2022-48892
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to a use-after-free bug in the
dup user cpus ptr() function. This bug can be exploited when the sched setaffinity() function is invoked from another process while the process being modified is undergoing a fork operation. The bug can lead to a use-after-free and possibly a double-free in the arm64 kernel. The problem arises because dup user cpus ptr() accesses user cpus ptr without any lock protection, even though the setting and clearing of user cpus ptr are done under pi lock for the arm64 architecture.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use After Free
Double Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Red Os