CVE-2022-49047

Summary

In the Linux kernel, the following vulnerability has been resolved:

ep93xx: clock: Fix UAF in ep93xx_clk_register_gate()

arch/arm/mach-ep93xx/clock.c:154:2: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc] arch/arm/mach-ep93xx/clock.c:151:2: note: Taking true branch if (IS_ERR(clk)) ^ arch/arm/mach-ep93xx/clock.c:152:3: note: Memory is released kfree(psc); ^~~~~~~~~~ arch/arm/mach-ep93xx/clock.c:154:2: note: Use of memory after it is freed return &psc->hw; ^ ~~~~~~~~

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9645ccc7bd7a16cd73c3be9dee70cd702b03be37 < 0f12166872da46c6b57ba2f1314bbf310b3bf017affected
LinuxLinux9645ccc7bd7a16cd73c3be9dee70cd702b03be37 < 3b68b08885217abd9c57ff9b3bb3eb173eee02a9affected
LinuxLinux5.16affected
LinuxLinux0 < 5.16unaffected
LinuxLinux5.17.4 <= 5.17.*unaffected
LinuxLinux5.18 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References