CVE-2022-48771
Published: Jun 20, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Fix stale file descriptors on failed usercopy

A failing usercopy of the fence_rep object will lead to a stale entry in the file descriptor table as put_unused_fd() won't release it. This enables userland to refer to a dangling 'file' object through that still valid file descriptor, leading to all kinds of use-after-free exploitation scenarios.

Fix this by deferring the call to fd_install() until after the usercopy has succeeded.
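The ordering problem described above, modelled in user space as an added example (not kernel or vmwgfx source). The toy fd table and the names `export_fence_buggy`, `export_fence_fixed` and `stale_slots` are hypothetical, and the model assumes the error path drops the last reference to the file.

```c
/* User-space model of an fd table; constructed for illustration, not kernel code. */
#include <stdbool.h>
#include <stdio.h>
#define NFDS 8
struct file { int refs; };  /* toy stand-in; refs == 0 means freed */
struct fdtable { bool reserved[NFDS]; struct file *slot[NFDS]; };

static int get_unused_fd(struct fdtable *t) {
    for (int fd = 0; fd < NFDS; fd++)
        if (!t->reserved[fd]) { t->reserved[fd] = true; return fd; }
    return -1;
}
/* Only un-reserves the number; an already installed slot[] entry is left alone. */
static void put_unused_fd(struct fdtable *t, int fd) { t->reserved[fd] = false; }
static void fd_install(struct fdtable *t, int fd, struct file *f) { t->slot[fd] = f; }
static void fput(struct file *f) { f->refs--; }

/* Pre-fix ordering: publish the fd first, then copy the reply to userland. */
static int export_fence_buggy(struct fdtable *t, struct file *f, bool copy_ok) {
    int fd = get_unused_fd(t);
    if (fd < 0) return -1;
    fd_install(t, fd, f);
    if (!copy_ok) {            /* usercopy failed */
        put_unused_fd(t, fd);  /* slot[fd] still points at f */
        fput(f);               /* assumed: error path drops the last reference */
        return -1;
    }
    return fd;
}
/* Fixed ordering: fd_install() is deferred until the usercopy has succeeded. */
static int export_fence_fixed(struct fdtable *t, struct file *f, bool copy_ok) {
    int fd = get_unused_fd(t);
    if (fd < 0) return -1;
    if (!copy_ok) { put_unused_fd(t, fd); fput(f); return -1; }
    fd_install(t, fd, f);
    return fd;
}
/* Count table slots that still point at a file with no references left. */
static int stale_slots(const struct fdtable *t) {
    int n = 0;
    for (int fd = 0; fd < NFDS; fd++)
        if (t->slot[fd] && t->slot[fd]->refs == 0) n++;
    return n;
}

int main(void) {
    struct fdtable a = {0}, b = {0};
    struct file f1 = {1}, f2 = {1};
    export_fence_buggy(&a, &f1, false); export_fence_fixed(&b, &f2, false);
    printf("stale slots: buggy=%d fixed=%d\n", stale_slots(&a), stale_slots(&b));
}
```

With a failing copy, the pre-fix ordering leaves one slot pointing at a released file, while the deferred install leaves none.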
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected c906965dee22d5e95d0651759ba107b420212a9f - < e8d092a62449dcfc73517ca43963d2b8f44d0516; affected c906965dee22d5e95d0651759ba107b420212a9f - < 0008a0c78fc33a84e2212a7c04e6b21a36ca6f4d; affected c906965dee22d5e95d0651759ba107b420212a9f - < 84b1259fe36ae0915f3d6ddcea6377779de48b82; affected c906965dee22d5e95d0651759ba107b420212a9f - < ae2b20f27732fe92055d9e7b350abc5cdf3e2414; affected c906965dee22d5e95d0651759ba107b420212a9f - < 6066977961fc6f437bc064f628cf9b0e4571c56c; +2 more versions |
| Linux | Linux | affected 4.14; unaffected 0 - < 4.14; unaffected 4.14.264 - <= 4.14.*; unaffected 4.19.227 - <= 4.19.*; unaffected 5.4.175 - <= 5.4.*; +4 more versions |