QwikSec

Security Database

CVE

CWE

Training

CVE-2022-3424

Published: Mar 6, 2023

Modified: Mar 6, 2025

PUBLISHED

Description

A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Vendor	Product	Versions
n/a	kernel	affected `unknown`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=2132640

https://github.com/torvalds/linux/commit/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc

https://lore.kernel.org/all/20221019031445.901570-1-zyytlz.wz%40163.com/

https://www.spinics.net/lists/kernel/msg4518970.html

https://security.netapp.com/advisory/ntap-20230406-0005/

[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update

mailing-list

[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.