CVE-2022-48872
Published: Aug 21, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free race condition for maps It is possible that in between calling fastrpc_map_get() until map->fl->lock is taken in fastrpc_free_map(), another thread can call fastrpc_map_lookup() and get a reference to a map that is about to be deleted. Rewrite fastrpc_map_get() to only increase the reference count of a map if it's non-zero. Propagate this to callers so they can know if a map is about to be deleted. Fixes this warning: refcount_t: addition on 0; use-after-free. WARNING: CPU: 5 PID: 10100 at lib/refcount.c:25 refcount_warn_saturate ... Call trace: refcount_warn_saturate [fastrpc_map_get inlined] [fastrpc_map_lookup inlined] fastrpc_map_create fastrpc_internal_invoke fastrpc_device_ioctl __arm64_sys_ioctl invoke_syscall
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected c68cfb718c8f97b7f7a50ed66be5feb42d0c8988 - < 556dfdb226ce1e5231d8836159b23f8bb0395bf4affected c68cfb718c8f97b7f7a50ed66be5feb42d0c8988 - < b171d0d2cf1b8387c72c8d325c5d5746fa271e39affected c68cfb718c8f97b7f7a50ed66be5feb42d0c8988 - < 61a0890cb95afec5c8a2f4a879de2b6220984ef1affected c68cfb718c8f97b7f7a50ed66be5feb42d0c8988 - < 079c78c68714f7d8d58e66c477b0243b31806907affected c68cfb718c8f97b7f7a50ed66be5feb42d0c8988 - < 96b328d119eca7563c1edcc4e1039a62e6370ecb |
Linux | Linux | affected 5.1unaffected 0 - < 5.1unaffected 5.4.230 - <= 5.4.*unaffected 5.10.165 - <= 5.10.*unaffected 5.15.90 - <= 5.15.*+2 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now