Lucene search

LinuxCVE-2022-48787

HistoryJul 16, 2024 - 12:15 p.m.

CVE-2022-48787

2024-07-1612:15:03

CWE-416

Linux

web.nvd.nist.gov

linux kernel

vulnerability

cve-2022-48787

iwlwifi

use-after-free

fix

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

EPSS

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

iwlwifi: fix use-after-free

If no firmware was present at all (or, presumably, all of the
firmware files failed to parse), we end up unbinding by calling
device_release_driver(), which calls remove(), which then in
iwlwifi calls iwl_drv_stop(), freeing the ‘drv’ struct. However
the new code I added will still erroneously access it after it
was freed.

Set ‘failure=false’ in this case to avoid the access, all data
was already freed anyway.

Affected configurations

Nvd

Vulners

Node

linuxlinux_kernelRange4.14.263–4.14.268

linuxlinux_kernelRange4.19.226–4.19.231

linuxlinux_kernelRange5.4.174–5.4.181

linuxlinux_kernelRange5.10.94–5.10.102

linuxlinux_kernelRange5.15.17–5.15.25

linuxlinux_kernelRange5.16.3–5.16.11

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/wireless/intel/iwlwifi/iwl-drv.c"
    ],
    "versions": [
      {
        "version": "8e10749fa1a4",
        "lessThan": "d3b98fe36f8a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1d7cc54137a4",
        "lessThan": "7d6475179b85",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0446cafa843e",
        "lessThan": "494de920d98f",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "febab6b60d61",
        "lessThan": "008508c16af0",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "e23f075d7798",
        "lessThan": "ddd46059f7d9",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "6b5ad4bd0d78",
        "lessThan": "9958b9cbb221",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "ab07506b0454",
        "lessThan": "bea2662e7818",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/wireless/intel/iwlwifi/iwl-drv.c"
    ],
    "versions": [
      {
        "version": "4.14.263",
        "lessThan": "4.14.268",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "4.19.226",
        "lessThan": "4.19.231",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "5.4.174",
        "lessThan": "5.4.181",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "5.10.94",
        "lessThan": "5.10.102",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "5.15.17",
        "lessThan": "5.15.25",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "5.16.3",
        "lessThan": "5.16.11",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]