CVE-2022-48872

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-48872
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48872.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48872
Downstream
Related
Published
2024-08-21T06:10:02.954Z
Modified
2026-03-20T12:21:58.141273Z
Summary
misc: fastrpc: Fix use-after-free race condition for maps
Details

In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: Fix use-after-free race condition for maps

It is possible that in between calling fastrpcmapget() until map->fl->lock is taken in fastrpcfreemap(), another thread can call fastrpcmaplookup() and get a reference to a map that is about to be deleted.

Rewrite fastrpcmapget() to only increase the reference count of a map if it's non-zero. Propagate this to callers so they can know if a map is about to be deleted.

Fixes this warning: refcountt: addition on 0; use-after-free. WARNING: CPU: 5 PID: 10100 at lib/refcount.c:25 refcountwarnsaturate ... Call trace: refcountwarnsaturate [fastrpcmapget inlined] [fastrpcmaplookup inlined] fastrpcmapcreate fastrpcinternalinvoke fastrpcdevice_ioctl _arm64sysioctl invokesyscall

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48872.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c68cfb718c8f97b7f7a50ed66be5feb42d0c8988
Fixed
556dfdb226ce1e5231d8836159b23f8bb0395bf4
Fixed
b171d0d2cf1b8387c72c8d325c5d5746fa271e39
Fixed
61a0890cb95afec5c8a2f4a879de2b6220984ef1
Fixed
079c78c68714f7d8d58e66c477b0243b31806907
Fixed
96b328d119eca7563c1edcc4e1039a62e6370ecb

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48872.json"