CVE-2022-48782

Published: Jul 16, 2024Modified: Jun 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: mctp: fix use after free Clang static analysis reports this problem route.c:425:4: warning: Use of memory after it is freed trace_mctp_key_acquire(key); ^~~~~~~~~~~~~~~~~~~~~~~~~~~ When mctp_key_add() fails, key is freed but then is later used in trace_mctp_key_acquire(). Add an else statement to use the key only when mctp_key_add() is successful.

Affected (1)

Products: Linux: Linux Kernel

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 5.16 to 5.16.11

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (4)

https://git.kernel.org/stable/c/1dd3ecbec5f606b2a526c47925c8634b1a6bb81e

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Mailing ListPatch

https://git.kernel.org/stable/c/7e5b6a5c8c44310784c88c1c198dde79f6402f7b

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Mailing ListPatch

https://git.kernel.org/stable/c/1dd3ecbec5f606b2a526c47925c8634b1a6bb81e

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

https://git.kernel.org/stable/c/7e5b6a5c8c44310784c88c1c198dde79f6402f7b

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

Timeline

No history available yet.