CVE-2022-48670

Summary

In the Linux kernel, the following vulnerability has been resolved:

peci: cpu: Fix use-after-free in adev_release()

When auxiliary_device_add() returns an error, auxiliary_device_uninit() is called, which causes refcount for device to be decremented and .release callback will be triggered.

Because adev_release() re-calls auxiliary_device_uninit(), it will cause use-after-free: [ 1269.455172] WARNING: CPU: 0 PID: 14267 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15 [ 1269.464007] refcount_t: underflow; use-after-free.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6523d3b2ffa238ac033c34a726617061d6a744aa < c87f1f99e26ea4ae08cabe753ae98e5626bdba89affected
LinuxLinux6523d3b2ffa238ac033c34a726617061d6a744aa < 1c11289b34ab67ed080bbe0f1855c4938362d9cfaffected
LinuxLinux5.18affected
LinuxLinux0 < 5.18unaffected
LinuxLinux5.19.10 <= 5.19.*unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References