Use After Free

2022-11-1916:01:55

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

3.5 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.8%

JSON

linux-gcp, linux-aws, linux-oracle, linux-kvm and linux-dell300x are vulnerable to free after use. The vulnerability exists in the tst_timer function in drivers/atm/idt77252.c because of incorrect use of dynamic memory during program operation.

CPENameOperatorVersion
linux-gcp:focaleq5.4.0.1024.21
linux-gcp:focaleq5.4.0.1025.22
linux-gcp:focaleq5.4.0.1029.37
linux-gcp:focaleq5.4.0.1021.19
linux-gcp:focaleq5.4.0.1030.38
linux-gcp:focaleq5.4.0.1009.9
linux-aws:bioniceq4.15.0.1007.7
linux-aws:focaleq5.4.0.1029.30
linux-aws:focaleq5.4.0.1030.31
linux-aws:focaleq5.4.0.1022.23

Name	Operator	Version
linux-gcp:focal	eq	5.4.0.1024.21
linux-gcp:focal	eq	5.4.0.1025.22
linux-gcp:focal	eq	5.4.0.1029.37
linux-gcp:focal	eq	5.4.0.1021.19
linux-gcp:focal	eq	5.4.0.1030.38
linux-gcp:focal	eq	5.4.0.1009.9
linux-aws:bionic	eq	4.15.0.1007.7
linux-aws:focal	eq	5.4.0.1029.30
linux-aws:focal	eq	5.4.0.1030.31
linux-aws:focal	eq	5.4.0.1022.23