Vulnerability Details : CVE-2022-1974
A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.
Vulnerability category: Memory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2022-1974
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-1974
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
4.1
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N |
0.5
|
3.6
|
nvd@nist.gov |
CWE ids for CVE-2022-1974
-
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.Assigned by: nvd@nist.gov (Primary)
-
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2022-1974
-
https://github.com/torvalds/linux/commit/da5c0f119203ad9728920456a0f52a6d850c01cd
nfc: replace improper check device_is_registered() in netlink related… · torvalds/linux@da5c0f1 · GitHubPatch;Third Party Advisory
Products affected by CVE-2022-1974
- cpe:2.3:o:linux:linux_kernel:5.18:rc6:*:*:*:*:*:*