CVE-2022-48899
AMD Virtio GPU Use-After-Free Vulnerability
Description
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix GEM handle creation UAF Userspace can guess the handle value and try to race GEM object creation with handle close, resulting in a use-after-free if we dereference the object after dropping the handle's reference. For that reason, dropping the handle's reference must be done *after* we are done dereferencing the object.
INFO
Published Date :
Aug. 21, 2024, 7:15 a.m.
Last Modified :
Sept. 11, 2024, 4:22 p.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
3.6
Exploitability Score :
1.0
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2022-48899.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2022-48899 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2022-48899 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Sep. 11, 2024
Action Type Old Value New Value Added CVSS V3.1 NIST AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Changed Reference Type https://git.kernel.org/stable/c/011ecdbcd520c90c344b872ca6b4821f7783b2f8 No Types Assigned https://git.kernel.org/stable/c/011ecdbcd520c90c344b872ca6b4821f7783b2f8 Patch Changed Reference Type https://git.kernel.org/stable/c/19ec87d06acfab2313ee82b2a689bf0c154e57ea No Types Assigned https://git.kernel.org/stable/c/19ec87d06acfab2313ee82b2a689bf0c154e57ea Patch Changed Reference Type https://git.kernel.org/stable/c/52531258318ed59a2dc5a43df2eaf0eb1d65438e No Types Assigned https://git.kernel.org/stable/c/52531258318ed59a2dc5a43df2eaf0eb1d65438e Patch Changed Reference Type https://git.kernel.org/stable/c/68bcd063857075d2f9edfed6024387ac377923e2 No Types Assigned https://git.kernel.org/stable/c/68bcd063857075d2f9edfed6024387ac377923e2 Patch Changed Reference Type https://git.kernel.org/stable/c/adc48e5e408afbb01d261bd303fd9fbbbaa3e317 No Types Assigned https://git.kernel.org/stable/c/adc48e5e408afbb01d261bd303fd9fbbbaa3e317 Patch Changed Reference Type https://git.kernel.org/stable/c/d01d6d2b06c0d8390adf8f3ba08aa60b5642ef73 No Types Assigned https://git.kernel.org/stable/c/d01d6d2b06c0d8390adf8f3ba08aa60b5642ef73 Patch Added CWE NIST CWE-416 Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.4 up to (excluding) 4.19.270 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.229 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.164 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.89 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.7 *cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:* -
CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Aug. 21, 2024
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix GEM handle creation UAF Userspace can guess the handle value and try to race GEM object creation with handle close, resulting in a use-after-free if we dereference the object after dropping the handle's reference. For that reason, dropping the handle's reference must be done *after* we are done dereferencing the object. Added Reference kernel.org https://git.kernel.org/stable/c/19ec87d06acfab2313ee82b2a689bf0c154e57ea [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/d01d6d2b06c0d8390adf8f3ba08aa60b5642ef73 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/68bcd063857075d2f9edfed6024387ac377923e2 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/011ecdbcd520c90c344b872ca6b4821f7783b2f8 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/adc48e5e408afbb01d261bd303fd9fbbbaa3e317 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/52531258318ed59a2dc5a43df2eaf0eb1d65438e [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2022-48899 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2022-48899
weaknesses.