CVE-2022-41849
Published: September 30, 2022Last modified: August 23, 2024
Description
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.2 |
Attack Vector | PHYSICAL |
Attack complexity | HIGH |
Privileges required | NONE |
User interaction | NONE |
Scope | UNCHANGED |
Confidentiality | NONE |
Integrity impact | NONE |
Availability impact | HIGH |
Vector | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
Status
Product | Release | Package | Status |
---|---|---|---|
Alpaquita Linux | Stream | linux-lts | Not affected (6.1.33-r0) |
References
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5610bcfe8693c02e2e4c8b31427f1bdbdecc839c
- https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html
- https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html
- https://lore.kernel.org/all/20220925133243.GA383897%40ubuntu/T/