CVE-2022-48874
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-48874
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48874.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-48874
- Downstream
- Published
- 2024-08-21T06:10:05Z
- Modified
- 2025-10-15T15:03:01.090241Z
- Summary
- misc: fastrpc: Fix use-after-free and race in fastrpc_map_find
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: Fix use-after-free and race in fastrpcmapfind
Currently, there is a race window between the point when the mutex is unlocked in fastrpcmaplookup and the reference count increasing (fastrpcmapget) in fastrpcmapfind, which can also lead to use-after-free.
So lets merge fastrpcmapfind into fastrpcmaplookup which allows us to both protect the maps list by also taking the &fl->lock spinlock and the reference count, since the spinlock will be released only after. Add take_ref argument to make this suitable for all callers.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8f6c1d8c4f0cc316b0456788fff8373554d1d99dFixeda50c5c25b6e7d2824698c0e6385f882a18f4a498
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8f6c1d8c4f0cc316b0456788fff8373554d1d99dFixed9446fa1683a7e3937d9970248ced427c1983a1c5
Affected versions
v5.*
v5.17
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4