Lucene search

K

[email protected]NVD:CVE-2022-41849

HistorySep 30, 2022 - 6:15 a.m.

CVE-2022-41849

2022-09-3006:15:12

CWE-416

CWE-362

[email protected]

web.nvd.nist.gov

4.2 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

28.2%

drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.

Affected configurations

NVD

Node

linuxlinux_kernelRange≤5.19.12

Node

debiandebian_linuxMatch10.0

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5610bcfe8693c02e2e4c8b31427f1bdbdecc839c

lists.debian.org/debian-lts-announce/2022/12/msg00031.html

lists.debian.org/debian-lts-announce/2022/12/msg00034.html

lore.kernel.org/all/20220925133243.GA383897%40ubuntu/T/

4.2 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

28.2%

Related for NVD:CVE-2022-41849

veracode1 ubuntucve1 redhatcve1 debiancve1 cve1 cbl_mariner2 prion1 cvelist1 cnvd1 nessus37 osv23 openvas35 ubuntu25 suse5 amazon2 photon2 mageia2 debian2 redos1 slackware1 ics1