Vulnerability Details : CVE-2022-41222
Potential exploit
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.
Vulnerability category: Memory Corruption
Products affected by CVE-2022-41222
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
- cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-41222
- 0.11%: Probability of exploitation activity in the next 30 days
- ~ 44%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-41222
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 | NIST | |
CWE ids for CVE-2022-41222
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-41222
- http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html
  Kernel Live Patch Security Notice LNS-0091-1 ≈ Packet Storm (Patch; Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20230214-0008/
  CVE-2022-41222 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security (Third Party Advisory)
- http://packetstormsecurity.com/files/168466/Linux-Stable-5.4-5.10-Use-After-Free-Race-Condition.html
  Linux Stable 5.4 / 5.10 Use-After-Free / Race Condition ≈ Packet Storm (Third Party Advisory; VDB Entry)
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2347
  2347 - Linux stable 5.4/5.10: page UAF via stale TLB caused by rmap lock not held during PUD move - project-zero (Exploit; Issue Tracking; Mailing List; Patch; Third Party Advisory)
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
  (Release Notes; Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
  [SECURITY] [DLA 3173-1] linux-5.10 security update (Mailing List; Third Party Advisory)
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2
  kernel/git/torvalds/linux.git - Linux kernel source tree (Patch; Vendor Advisory)