Bug 2074208 (CVE-2022-28893) - CVE-2022-28893 kernel: Use after free in SUNRPC subsystem
Summary: CVE-2022-28893 kernel: Use after free in SUNRPC subsystem
Keywords:
Status: NEW
Alias: CVE-2022-28893
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2089427 2089428 2089429 2089430
Blocks: 2074211
TreeView+ depends on / blocked
 
Reported: 2022-04-11 19:05 UTC by Pedro Sampaio
Modified: 2022-07-28 18:23 UTC (History)
48 users (show)

Fixed In Version: kernel 5.18 rc2
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in the Linux kernel’s net/sunrpc/xprt.c function in the Remote Procedure Call (SunRPC) protocol. This flaw allows a local attacker to crash the system, leading to a kernel information leak issue.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Pedro Sampaio 2022-04-11 19:05:49 UTC
A use-after-free flaw was found in net/sunrpc/xprt.c in the Remote Procedure Call (SunRPC) protocol in the Linux kernel. This flaw could allow a local attacker to crash, and this may even lead to a kernel information leak problem.

References:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a
http://www.openwall.com/lists/oss-security/2022/04/11/4
http://www.openwall.com/lists/oss-security/2022/04/11/3


Note You need to log in before you can comment on or make changes to this bug.