CVE-2022-48899

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48899
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48899.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48899
Downstream
Related
Published
2024-08-21T07:15:05Z
Modified
2025-08-09T20:01:27Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/virtio: Fix GEM handle creation UAF

Userspace can guess the handle value and try to race GEM object creation with handle close, resulting in a use-after-free if we dereference the object after dropping the handle's reference. For that reason, dropping the handle's reference must be done after we are done dereferencing the object.

References

Affected packages