CVE-2022-48771

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to the drm/vmwgfx component of the Linux kernel, where a failing usercopy of the fence rep object leads to a stale entry in the file descriptor table. This allows userland to refer to a dangling 'file' object through a still valid file descriptor, enabling various use-after-free exploitation scenarios. The problem arises because put unused fd() does not release the file descriptor, and the fix involves deferring the call to fd install() until after the usercopy has succeeded.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025_16880

BDU:2024-10936

CESA-2022_1988

CVE-2022-48771

OPENSUSE-SU-2024_2362-1

OPENSUSE-SU-2024_2372-1

OPENSUSE-SU-2024_2394-1

RHSA-2022:1988

RHSA-2022_1988

SUSE-SU-2024:2360-1

SUSE-SU-2024:2362-1

SUSE-SU-2024:2365-1

SUSE-SU-2024:2372-1

SUSE-SU-2024:2381-1

SUSE-SU-2024:2384-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2561-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

Affected Products

Astra Linux

Centos

Linux Kernel

Red Hat

Red Os

Suse

CVE-2022-48771

Weakness Enumeration

Related Identifiers

Affected Products

References · 1388