CVE-2022-48782

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48782
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48782.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48782
Published
2024-07-16T11:13:19.141Z
Modified
2025-11-28T06:55:22.568759Z
Summary
mctp: fix use after free
Details

In the Linux kernel, the following vulnerability has been resolved:

mctp: fix use after free

Clang static analysis reports this problem

route.c:425:4: warning: Use of memory after it is freed
  trace_mctp_key_acquire(key);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~

When mctp_key_add() fails, key is freed but then is later used in trace_mctp_key_acquire(). Add an else statement to use the key only when mctp_key_add() is successful.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48782.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4f9e1ba6de45aa8797a83f1fe5b82ec4bac16899
Fixed
1dd3ecbec5f606b2a526c47925c8634b1a6bb81e
Fixed
7e5b6a5c8c44310784c88c1c198dde79f6402f7b

Affected versions

v5.*

v5.15
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.1
v5.16.10
v5.16.2
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.16.8
v5.16.9
v5.17-rc1
v5.17-rc2
v5.17-rc3

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.16.11