CVE-2022-48861

Published: Jul 16, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: vdpa: fix use-after-free on vp_vdpa_remove When vp_vdpa driver is unbind, vp_vdpa is freed in vdpa_unregister_device and then vp_vdpa->mdev.pci_dev is dereferenced in vp_modern_remove, triggering use-after-free. Call Trace of unbinding driver free vp_vdpa : do_syscall_64 vfs_write kernfs_fop_write_iter device_release_driver_internal pci_device_remove vp_vdpa_remove vdpa_unregister_device kobject_release device_release kfree Call Trace of dereference vp_vdpa->mdev.pci_dev: vp_modern_remove pci_release_selected_regions pci_release_region pci_resource_len pci_resource_end (dev)->resource[(bar)].end

Vendor	Product	Versions
Linux	Linux	affected `64b9f64f80a6f4b7ea51bf0510119cb15e801dc6 - < 4b1743bc715a3691a63ac21b349079b07bf1b19e` affected `64b9f64f80a6f4b7ea51bf0510119cb15e801dc6 - < dc54ba9932aeaaa1a21fe214af1f446593a78274` affected `64b9f64f80a6f4b7ea51bf0510119cb15e801dc6 - < eb057b44dbe35ae14527830236a92f51de8f9184`
Linux	Linux	affected `5.13` unaffected `0 - < 5.13` unaffected `5.15.29 - <= 5.15.` unaffected `5.16.15 - <= 5.16.` unaffected `5.17 - <= *`

References

https://git.kernel.org/stable/c/4b1743bc715a3691a63ac21b349079b07bf1b19e

https://git.kernel.org/stable/c/dc54ba9932aeaaa1a21fe214af1f446593a78274

https://git.kernel.org/stable/c/eb057b44dbe35ae14527830236a92f51de8f9184

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-48861

Description

Affected Products

References