Bug 2084443 (CVE-2022-1974) - CVE-2022-1974 kernel: use-after-free in /net/nfc/core.c causes kernel crash by simulating nfc device from user-space
Summary: CVE-2022-1974 kernel: use-after-free in /net/nfc/core.c causes kernel crash b...
Keywords:
Status: NEW
Alias: CVE-2022-1974
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2084445
TreeView+ depends on / blocked
 
Reported: 2022-05-12 07:28 UTC by TEJ RATHI
Modified: 2022-07-16 03:22 UTC (History)
48 users (show)

Fixed In Version: kernel 5.18 rc6
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description TEJ RATHI 2022-05-12 07:28:15 UTC
There is use-after-free vulnerability in /net/nfc/core.c of linux that allow attacker to crash linux kernel by simulating nfc device from user-space.

[Patch]
https://github.com/torvalds/linux/commit/da5c0f119203ad9728920456a0f52a6d850c01cd

Comment 5 Rohit Keshri 2022-05-30 19:38:19 UTC
There was no shipped kernel version that was seen affected by this problem. These files are not built in our source code.


Note You need to log in before you can comment on or make changes to this bug.