CVE-2022-48801

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to incorrect error handling in the Linux kernel's iio component, specifically in the IIO BUFFER GET FD IOCTL function. When the kernel fails to copy a file descriptor to userland, it attempts to clean up by putting back the file descriptor and freeing related resources. However, this cleanup process is incorrect, as it uses put unused fd() on a file descriptor that has already been published, leading to a partially corrupted state. This allows userland to exploit the vulnerability by abusing the still usable file descriptor and operating on a dangling 'file->private data' pointer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.