github - ghsa-9c8v-c8p9-2pjh

ghsa-9c8v-c8p9-2pjh

Vulnerability from github

Published

2024-07-16 15:30

Modified

2024-07-23 15:31

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

vdpa: fix use-after-free on vp_vdpa_remove

When vp_vdpa driver is unbind, vp_vdpa is freed in vdpa_unregister_device and then vp_vdpa->mdev.pci_dev is dereferenced in vp_modern_remove, triggering use-after-free.

Call Trace of unbinding driver free vp_vdpa : do_syscall_64 vfs_write kernfs_fop_write_iter device_release_driver_internal pci_device_remove vp_vdpa_remove vdpa_unregister_device kobject_release device_release kfree

Call Trace of dereference vp_vdpa->mdev.pci_dev: vp_modern_remove pci_release_selected_regions pci_release_region pci_resource_len pci_resource_end (dev)->resource[(bar)].end

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-48861"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-16T13:15:13Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: fix use-after-free on vp_vdpa_remove\n\nWhen vp_vdpa driver is unbind, vp_vdpa is freed in vdpa_unregister_device\nand then vp_vdpa-\u003emdev.pci_dev is dereferenced in vp_modern_remove,\ntriggering use-after-free.\n\nCall Trace of unbinding driver free vp_vdpa :\ndo_syscall_64\n  vfs_write\n    kernfs_fop_write_iter\n      device_release_driver_internal\n        pci_device_remove\n          vp_vdpa_remove\n            vdpa_unregister_device\n              kobject_release\n                device_release\n                  kfree\n\nCall Trace of dereference vp_vdpa-\u003emdev.pci_dev:\nvp_modern_remove\n  pci_release_selected_regions\n    pci_release_region\n      pci_resource_len\n        pci_resource_end\n          (dev)-\u003eresource[(bar)].end",
  "id": "GHSA-9c8v-c8p9-2pjh",
  "modified": "2024-07-23T15:31:08Z",
  "published": "2024-07-16T15:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48861"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4b1743bc715a3691a63ac21b349079b07bf1b19e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dc54ba9932aeaaa1a21fe214af1f446593a78274"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb057b44dbe35ae14527830236a92f51de8f9184"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2022-48861 (GCVE-0-2022-48861)

Vulnerability from cvelistv5

Published

2024-07-16 12:25

Modified

2025-05-04 08:24

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: vdpa: fix use-after-free on vp_vdpa_remove When vp_vdpa driver is unbind, vp_vdpa is freed in vdpa_unregister_device and then vp_vdpa->mdev.pci_dev is dereferenced in vp_modern_remove, triggering use-after-free. Call Trace of unbinding driver free vp_vdpa : do_syscall_64 vfs_write kernfs_fop_write_iter device_release_driver_internal pci_device_remove vp_vdpa_remove vdpa_unregister_device kobject_release device_release kfree Call Trace of dereference vp_vdpa->mdev.pci_dev: vp_modern_remove pci_release_selected_regions pci_release_region pci_resource_len pci_resource_end (dev)->resource[(bar)].end

References

URL

Tags

	https://git.kernel.org/stable/c/4b1743bc715a3691a63ac21b349079b07bf1b19e
	https://git.kernel.org/stable/c/dc54ba9932aeaaa1a21fe214af1f446593a78274
	https://git.kernel.org/stable/c/eb057b44dbe35ae14527830236a92f51de8f9184

Impacted products

Vendor

Product

Version

Linux

Version: 64b9f64f80a6f4b7ea51bf0510119cb15e801dc6
Version: 64b9f64f80a6f4b7ea51bf0510119cb15e801dc6
Version: 64b9f64f80a6f4b7ea51bf0510119cb15e801dc6

Linux

Version: 5.13

Show details on NVD website