CVE-2022-48670

Published: May 3, 2024Modified: Jun 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: peci: cpu: Fix use-after-free in adev_release() When auxiliary_device_add() returns an error, auxiliary_device_uninit() is called, which causes refcount for device to be decremented and .release callback will be triggered. Because adev_release() re-calls auxiliary_device_uninit(), it will cause use-after-free: [ 1269.455172] WARNING: CPU: 0 PID: 14267 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15 [ 1269.464007] refcount_t: underflow; use-after-free.

Affected (4)

Products: Linux: Linux Kernel

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 5.18 to 5.19.10
Linux Linux Kernel	Version 6.0 rc1
Linux Linux Kernel	Version 6.0 rc2
Linux Linux Kernel	Version 6.0 rc3

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (4)

https://git.kernel.org/stable/c/1c11289b34ab67ed080bbe0f1855c4938362d9cf

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/c87f1f99e26ea4ae08cabe753ae98e5626bdba89

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/1c11289b34ab67ed080bbe0f1855c4938362d9cf

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/c87f1f99e26ea4ae08cabe753ae98e5626bdba89

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.