github - ghsa-v29p-wgpj-c454

ghsa-v29p-wgpj-c454

Vulnerability from github

Published

2024-07-16 12:30

Modified

2024-08-21 18:31

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

mctp: fix use after free

Clang static analysis reports this problem route.c:425:4: warning: Use of memory after it is freed trace_mctp_key_acquire(key); ^~~~~~~~~~~~~~~~~~~~~~~~~~~ When mctp_key_add() fails, key is freed but then is later used in trace_mctp_key_acquire(). Add an else statement to use the key only when mctp_key_add() is successful.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-48782"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-16T12:15:03Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmctp: fix use after free\n\nClang static analysis reports this problem\nroute.c:425:4: warning: Use of memory after it is freed\n  trace_mctp_key_acquire(key);\n  ^~~~~~~~~~~~~~~~~~~~~~~~~~~\nWhen mctp_key_add() fails, key is freed but then is later\nused in trace_mctp_key_acquire().  Add an else statement\nto use the key only when mctp_key_add() is successful.",
  "id": "GHSA-v29p-wgpj-c454",
  "modified": "2024-08-21T18:31:26Z",
  "published": "2024-07-16T12:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48782"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1dd3ecbec5f606b2a526c47925c8634b1a6bb81e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7e5b6a5c8c44310784c88c1c198dde79f6402f7b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2022-48782 (GCVE-0-2022-48782)

Vulnerability from cvelistv5

Published

2024-07-16 11:13

Modified

2025-05-04 08:23

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: mctp: fix use after free Clang static analysis reports this problem route.c:425:4: warning: Use of memory after it is freed trace_mctp_key_acquire(key); ^~~~~~~~~~~~~~~~~~~~~~~~~~~ When mctp_key_add() fails, key is freed but then is later used in trace_mctp_key_acquire(). Add an else statement to use the key only when mctp_key_add() is successful.

References

URL

Tags

	https://git.kernel.org/stable/c/1dd3ecbec5f606b2a526c47925c8634b1a6bb81e
	https://git.kernel.org/stable/c/7e5b6a5c8c44310784c88c1c198dde79f6402f7b

Impacted products

Vendor

Product

Version

Version: 4f9e1ba6de45aa8797a83f1fe5b82ec4bac16899
Version: 4f9e1ba6de45aa8797a83f1fe5b82ec4bac16899

Version: 5.16

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:25:01.615Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1dd3ecbec5f606b2a526c47925c8634b1a6bb81e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7e5b6a5c8c44310784c88c1c198dde79f6402f7b"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48782",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:00:14.462603Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:16.927Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mctp/route.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1dd3ecbec5f606b2a526c47925c8634b1a6bb81e",
              "status": "affected",
              "version": "4f9e1ba6de45aa8797a83f1fe5b82ec4bac16899",
              "versionType": "git"
            },
            {
              "lessThan": "7e5b6a5c8c44310784c88c1c198dde79f6402f7b",
              "status": "affected",
              "version": "4f9e1ba6de45aa8797a83f1fe5b82ec4bac16899",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mctp/route.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.16"
            },
            {
              "lessThan": "5.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.11",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmctp: fix use after free\n\nClang static analysis reports this problem\nroute.c:425:4: warning: Use of memory after it is freed\n  trace_mctp_key_acquire(key);\n  ^~~~~~~~~~~~~~~~~~~~~~~~~~~\nWhen mctp_key_add() fails, key is freed but then is later\nused in trace_mctp_key_acquire().  Add an else statement\nto use the key only when mctp_key_add() is successful."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:23:02.500Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1dd3ecbec5f606b2a526c47925c8634b1a6bb81e"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e5b6a5c8c44310784c88c1c198dde79f6402f7b"
        }
      ],
      "title": "mctp: fix use after free",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48782",
    "datePublished": "2024-07-16T11:13:19.141Z",
    "dateReserved": "2024-06-20T11:09:39.068Z",
    "dateUpdated": "2025-05-04T08:23:02.500Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.