CVE-2022-4382

A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side.

CVSS v3 6.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.5 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.openwall.com/lists/oss-security/2022/12/14/5	Exploit Mailing List Patch Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/12/14/5	Exploit Mailing List Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:35

Type	Values Removed	Values Added
References	~~() https://www.openwall.com/lists/oss-security/2022/12/14/5 - Exploit, Mailing List, Patch, Third Party Advisory~~	() https://www.openwall.com/lists/oss-security/2022/12/14/5 - Exploit, Mailing List, Patch, Third Party Advisory
Summary		(es) Se encontró un fallo de use after free causada por una carrera entre las operaciones de superbloque en el controlador de Linux gadgetfs. Podría activarse arrancando un dispositivo que esté ejecutando el lado del dispositivo.

Information

Published : 2023-01-10 22:15

Updated : 2025-04-09 16:15

NVD link : CVE-2022-4382

Mitre link : CVE-2022-4382

CVE.ORG link : CVE-2022-4382

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

{"id": "CVE-2022-4382", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}]}, "published": "2023-01-10T22:15:14.183", "references": [{"url": "https://www.openwall.com/lists/oss-security/2022/12/14/5", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.openwall.com/lists/oss-security/2022/12/14/5", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo de use after free causada por una carrera entre las operaciones de superbloque en el controlador de Linux gadgetfs. Podr\u00eda activarse arrancando un dispositivo que est\u00e9 ejecutando el lado del dispositivo."}], "lastModified": "2025-04-09T16:15:21.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}