In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix use-after-free after failure to create a snapshot
At ioctl.c:create_snapshot(), we allocate a pending snapshot structure and
then attach it to the transaction’s list of pending snapshots. After that
we call btrfs_commit_transaction(), and if that returns an error we jump
to ‘fail’ label, where we kfree() the pending snapshot structure. This can
result in a later use-after-free of the pending snapshot:
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/28b21c558a3753171097193b6f6602a94169093a (5.17-rc3)
git.kernel.org/stable/c/28b21c558a3753171097193b6f6602a94169093a
git.kernel.org/stable/c/9372fa1d73da5f1673921e365d0cd2c27ec7adc2
git.kernel.org/stable/c/a7b717fa15165d3d9245614680bebc48a52ac05d
launchpad.net/bugs/cve/CVE-2022-48733
nvd.nist.gov/vuln/detail/CVE-2022-48733
security-tracker.debian.org/tracker/CVE-2022-48733
www.cve.org/CVERecord?id=CVE-2022-48733