A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. References: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42933c8aa14be1caa9eda41f65cde8a3a95d3e39 https://lore.kernel.org/all/20220114075934.302464-1-gregkh@linuxfoundation.org/ https://bugzilla.suse.com/show_bug.cgi?id=1194516
Marking OSDv4 affected/delegated/low. Affected code exists but local attack vector presents minimal risk.
Is blocking memstick.ko the workaround until a fixed module is released?
Is there a reason that the CVE was changed to be for the memstick driver instead of the moxart one? The original description mentioned the moxart one, cf. https://bugzilla.redhat.com/show_comment_activity.cgi?id=2044561&comment_id=15874861 . The SuSE bugzilla where this orginates from is as well about the UAF in moxart. Any comments on this? The reason I ask is that several have tracked this CVE for the moxart issue fixed by https://git.kernel.org/linus/bd2db32e7c3e35bd4d9b8bbff689434a50893546 (https://bugzilla.suse.com/show_bug.cgi?id=1194516)
In reply to comment #9: > Is there a reason that the CVE was changed to be for the memstick driver > instead of the moxart one? The original description mentioned the moxart > one, cf. > https://bugzilla.redhat.com/show_comment_activity. > cgi?id=2044561&comment_id=15874861 . The SuSE bugzilla where this orginates > from is as well about the UAF in moxart. Any comments on this? The reason I > ask is that several have tracked this CVE for the moxart issue fixed by > https://git.kernel.org/linus/bd2db32e7c3e35bd4d9b8bbff689434a50893546 > (https://bugzilla.suse.com/show_bug.cgi?id=1194516) Thank you carnil for correcting me. It was a mistake, I wrongly pointed a different patch to this flaw, a correction was done.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-0487