CVE-2022-48899

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/virtio: Fix GEM handle creation UAF

Userspace can guess the handle value and try to race GEM object creation with handle close, resulting in a use-after-free if we dereference the object after dropping the handle's reference. For that reason, dropping the handle's reference must be done after we are done dereferencing the object.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 < 19ec87d06acfab2313ee82b2a689bf0c154e57eaaffected
LinuxLinux62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 < d01d6d2b06c0d8390adf8f3ba08aa60b5642ef73affected
LinuxLinux62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 < 68bcd063857075d2f9edfed6024387ac377923e2affected
LinuxLinux62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 < 011ecdbcd520c90c344b872ca6b4821f7783b2f8affected
LinuxLinux62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 < adc48e5e408afbb01d261bd303fd9fbbbaa3e317affected
LinuxLinux62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 < 52531258318ed59a2dc5a43df2eaf0eb1d65438eaffected
LinuxLinux4.4affected
LinuxLinux0 < 4.4unaffected
LinuxLinux4.19.270 <= 4.19.*unaffected
LinuxLinux5.4.229 <= 5.4.*unaffected
LinuxLinux5.10.164 <= 5.10.*unaffected
LinuxLinux5.15.89 <= 5.15.*unaffected
LinuxLinux6.1.7 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References