In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: Fix use-after-free and race in fastrpc_map_find
Currently, there is a race window between the point when the mutex is unlocked in fastrpc_map_lookup and the reference count increasing (fastrpc_map_get) in fastrpc_map_find, which can also lead to use-after-free.
So let's merge fastrpc_map_find into fastrpc_map_lookup, which allows us to protect both the maps list (by also taking the &fl->lock spinlock) and the reference count, since the spinlock will be released only after the reference is taken. Add a take_ref argument to make this suitable for all callers.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48874.json"
}[
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fastrpc_map_find",
"file": "drivers/misc/fastrpc.c"
},
"digest": {
"function_hash": "25382636931215770283091402321502232849",
"length": 173.0
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a50c5c25b6e7d2824698c0e6385f882a18f4a498",
"id": "CVE-2022-48874-2469a06b"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fastrpc_map_create",
"file": "drivers/misc/fastrpc.c"
},
"digest": {
"function_hash": "70098770422086283728989420529450652834",
"length": 1744.0
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a50c5c25b6e7d2824698c0e6385f882a18f4a498",
"id": "CVE-2022-48874-2559977d"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fastrpc_map_lookup",
"file": "drivers/misc/fastrpc.c"
},
"digest": {
"function_hash": "212788032905910240706554647753031311643",
"length": 327.0
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9446fa1683a7e3937d9970248ced427c1983a1c5",
"id": "CVE-2022-48874-3f056ac1"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fastrpc_put_args",
"file": "drivers/misc/fastrpc.c"
},
"digest": {
"function_hash": "139100685527087836325827448984538680565",
"length": 1022.0
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9446fa1683a7e3937d9970248ced427c1983a1c5",
"id": "CVE-2022-48874-47f22104"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/misc/fastrpc.c"
},
"digest": {
"line_hashes": [
"212695703427761978393181008587867859131",
"92234006976814572900888628768108342260",
"171397231027535047146002515710202991826",
"216616555998018859326105694344282667936",
"202502820785505938147369139246544074529",
"142076730870873543476966888400874023734",
"137979683090704938328874238207801320583",
"185606763551749837830842933489998029057",
"6776840602604040548101190757661156724",
"189252469047122559012097341826237055496",
"216135529751899367112447585491724358070",
"308991017335305271509916624380675308539",
"334812866639398387704737322693290430078",
"229608117143503312288293673224480653306",
"309483136989463984232022915394990193356",
"321833049123173005838609004221711448356",
"261757873497686144336775790963127043334",
"127034865313586542715758259111012799636",
"31599587063480841003478992262438687020",
"154314684676688130399844563193436808134",
"319088154873424753082170893095967698531",
"155541790613163248720286618221663001175",
"45144142983348892405375786026389453626",
"76347269418492062512425520308955630950",
"117490221670940926609709528276110262386",
"264714299152406554458088243256868677397",
"216060184225491369083381032101423031317",
"311391354362378480546746580529407683753",
"105053629296963528546251265010490843483",
"236566295803777506018595515021711153812",
"221504062828588850203170742441964637470"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9446fa1683a7e3937d9970248ced427c1983a1c5",
"id": "CVE-2022-48874-7ba6c343"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fastrpc_map_find",
"file": "drivers/misc/fastrpc.c"
},
"digest": {
"function_hash": "25382636931215770283091402321502232849",
"length": 173.0
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9446fa1683a7e3937d9970248ced427c1983a1c5",
"id": "CVE-2022-48874-84441ce5"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fastrpc_map_create",
"file": "drivers/misc/fastrpc.c"
},
"digest": {
"function_hash": "114091342169145420498116635221122115836",
"length": 1744.0
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9446fa1683a7e3937d9970248ced427c1983a1c5",
"id": "CVE-2022-48874-8480ad1f"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/misc/fastrpc.c"
},
"digest": {
"line_hashes": [
"212695703427761978393181008587867859131",
"92234006976814572900888628768108342260",
"171397231027535047146002515710202991826",
"216616555998018859326105694344282667936",
"202502820785505938147369139246544074529",
"142076730870873543476966888400874023734",
"137979683090704938328874238207801320583",
"185606763551749837830842933489998029057",
"6776840602604040548101190757661156724",
"189252469047122559012097341826237055496",
"216135529751899367112447585491724358070",
"308991017335305271509916624380675308539",
"334812866639398387704737322693290430078",
"229608117143503312288293673224480653306",
"309483136989463984232022915394990193356",
"321833049123173005838609004221711448356",
"261757873497686144336775790963127043334",
"127034865313586542715758259111012799636",
"31599587063480841003478992262438687020",
"154314684676688130399844563193436808134",
"319088154873424753082170893095967698531",
"155541790613163248720286618221663001175",
"45144142983348892405375786026389453626",
"76347269418492062512425520308955630950",
"117490221670940926609709528276110262386",
"264714299152406554458088243256868677397",
"216060184225491369083381032101423031317",
"311391354362378480546746580529407683753",
"105053629296963528546251265010490843483",
"236566295803777506018595515021711153812",
"221504062828588850203170742441964637470"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a50c5c25b6e7d2824698c0e6385f882a18f4a498",
"id": "CVE-2022-48874-a47bf760"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fastrpc_put_args",
"file": "drivers/misc/fastrpc.c"
},
"digest": {
"function_hash": "139100685527087836325827448984538680565",
"length": 1022.0
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a50c5c25b6e7d2824698c0e6385f882a18f4a498",
"id": "CVE-2022-48874-b6d0d2b6"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fastrpc_map_lookup",
"file": "drivers/misc/fastrpc.c"
},
"digest": {
"function_hash": "212788032905910240706554647753031311643",
"length": 327.0
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a50c5c25b6e7d2824698c0e6385f882a18f4a498",
"id": "CVE-2022-48874-fbb10fe7"
}
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48874.json"