Bug 2044561 (CVE-2022-0487) - CVE-2022-0487 kernel: use after free in moxart_remove
Summary: CVE-2022-0487 kernel: use after free in moxart_remove
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-0487
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2049380 2049381 2061791
Blocks: 2044562 2050368
TreeView+ depends on / blocked
 
Reported: 2022-01-24 18:33 UTC by Pedro Sampaio
Modified: 2022-11-07 12:10 UTC (History)
51 users (show)

Fixed In Version: kernel 5.17 rc4
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free vulnerability was found in the Linux kernel’s moxart_remove function in drivers/mmc/host/moxart-mmc.c. This flaw allows a local attacker with a user privilege to create issues with confidentiality.
Clone Of:
Environment:
Last Closed: 2022-03-20 20:31:37 UTC


Attachments (Terms of Use)

Description Pedro Sampaio 2022-01-24 18:33:06 UTC
A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality.

References:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42933c8aa14be1caa9eda41f65cde8a3a95d3e39
https://lore.kernel.org/all/20220114075934.302464-1-gregkh@linuxfoundation.org/
https://bugzilla.suse.com/show_bug.cgi?id=1194516

Comment 6 juneau 2022-02-03 13:41:56 UTC
Marking OSDv4 affected/delegated/low. Affected code exists but local attack vector presents minimal risk.

Comment 8 Steve Grubb 2022-02-21 16:57:46 UTC
Is blocking memstick.ko the workaround until a fixed module is released?

Comment 9 Salvatore Bonaccorso 2022-03-08 15:47:11 UTC
Is there a reason that the CVE was changed to be for the memstick driver instead of the moxart one? The original description mentioned the moxart one, cf. https://bugzilla.redhat.com/show_comment_activity.cgi?id=2044561&comment_id=15874861 . The SuSE bugzilla where this orginates from is as well about the UAF in moxart. Any comments on this? The reason I ask is that several have tracked this CVE for the moxart issue fixed by https://git.kernel.org/linus/bd2db32e7c3e35bd4d9b8bbff689434a50893546 (https://bugzilla.suse.com/show_bug.cgi?id=1194516)

Comment 13 Rohit Keshri 2022-03-20 18:22:13 UTC
In reply to comment #9:
> Is there a reason that the CVE was changed to be for the memstick driver
> instead of the moxart one? The original description mentioned the moxart
> one, cf.
> https://bugzilla.redhat.com/show_comment_activity.
> cgi?id=2044561&comment_id=15874861 . The SuSE bugzilla where this orginates
> from is as well about the UAF in moxart. Any comments on this? The reason I
> ask is that several have tracked this CVE for the moxart issue fixed by
> https://git.kernel.org/linus/bd2db32e7c3e35bd4d9b8bbff689434a50893546
> (https://bugzilla.suse.com/show_bug.cgi?id=1194516)

Thank you carnil for correcting me. It was a mistake, I wrongly pointed a different patch to this flaw, a correction was done.

Comment 14 Product Security DevOps Team 2022-03-20 20:31:33 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-0487


Note You need to log in before you can comment on or make changes to this bug.