CVE-2022-28796
Published: April 8, 2022Last modified: September 7, 2023
Description
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7 |
Attack Vector | LOCAL |
Attack complexity | HIGH |
Privileges required | LOW |
User interaction | NONE |
Scope | UNCHANGED |
Confidentiality | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Status
Product | Release | Package | Status |
---|---|---|---|
Alpaquita Linux | 23 LTS | linux-lts | Not affected (6.1.50-r0) |
Stream | linux-lts | Not affected (6.1.50-r0) |