Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-v29p-wgpj-c454

Опубликовано: 16 июл. 2024
Источник: github
Github: Не прошло ревью
CVSS3: 7.8

Описание

In the Linux kernel, the following vulnerability has been resolved:

mctp: fix use after free

Clang static analysis reports this problem route.c:425:4: warning: Use of memory after it is freed trace_mctp_key_acquire(key); ^~~~~~~~~~~~~~~~~~~~~~~~~~~ When mctp_key_add() fails, key is freed but then is later used in trace_mctp_key_acquire(). Add an else statement to use the key only when mctp_key_add() is successful.

In the Linux kernel, the following vulnerability has been resolved:

mctp: fix use after free

Clang static analysis reports this problem route.c:425:4: warning: Use of memory after it is freed trace_mctp_key_acquire(key); ^~~~~~~~~~~~~~~~~~~~~~~~~~~ When mctp_key_add() fails, key is freed but then is later used in trace_mctp_key_acquire(). Add an else statement to use the key only when mctp_key_add() is successful.

Ссылки

EPSS

Процентиль: 13%
0.00044
Низкий

7.8 High

CVSS3

CVE ID

CVE-2022-48782

Дефекты

CWE-416

Связанные уязвимости

ubuntu логотип

CVE-2022-48782

CVSS3: 7.8
ubuntu
11 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: mctp: fix use after free Clang static analysis reports this problem route.c:425:4: warning: Use of memory after it is freed trace_mctp_key_acquire(key); ^~~~~~~~~~~~~~~~~~~~~~~~~~~ When mctp_key_add() fails, key is freed but then is later used in trace_mctp_key_acquire(). Add an else statement to use the key only when mctp_key_add() is successful.

redhat логотип

CVE-2022-48782

CVSS3: 7.8
redhat
11 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: mctp: fix use after free Clang static analysis reports this problem route.c:425:4: warning: Use of memory after it is freed trace_mctp_key_acquire(key); ^~~~~~~~~~~~~~~~~~~~~~~~~~~ When mctp_key_add() fails, key is freed but then is later used in trace_mctp_key_acquire(). Add an else statement to use the key only when mctp_key_add() is successful.

nvd логотип

CVE-2022-48782

CVSS3: 7.8
nvd
11 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: mctp: fix use after free Clang static analysis reports this problem route.c:425:4: warning: Use of memory after it is freed trace_mctp_key_acquire(key); ^~~~~~~~~~~~~~~~~~~~~~~~~~~ When mctp_key_add() fails, key is freed but then is later used in trace_mctp_key_acquire(). Add an else statement to use the key only when mctp_key_add() is successful.

debian логотип

CVE-2022-48782

CVSS3: 7.8
debian
11 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: m ...

fstec логотип

BDU:2024-06077

CVSS3: 5.2
fstec
больше 3 лет назад

Уязвимость функции mctp_route_input() реализации протокола Management Component Transport Protocol (MCTP) ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 13%
0.00044
Низкий

7.8 High

CVSS3

CVE ID

CVE-2022-48782

Дефекты

CWE-416