Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.2
CVSSv3

CVE-2022-41849

Published: 30/09/2022 Updated: 25/03/2024
CVSS v3 Base Score: 4.2 | Impact Score: 3.6 | Exploitability Score: 0.5
VMScore: 0
Subscribe to Linux

Vulnerability Summary

drivers/video/fbdev/smscufx.c in the Linux kernel up to and including 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

debian debian linux 10.0

Vendor Advisories

Ubuntu Security Notice: USN-5793-3: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5793-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5793-2: Linux kernel (Azure) vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5793-4: Linux kernel (IBM) vulnerabilities
Several security issues were fixed in the Linux kernel ...
Amazon Linux AMI: ALAS-2022-1645
In v4l2_m2m_querybuf of v4l2-mem2memc, there is a possible out of bounds write due to improper input validation This could lead to local escalation of privilege with System execution privileges needed User interaction is not needed for exploitationProduct: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel (CVE-20 ...
Amazon Linux 2: ALAS2KERNEL-5.10-2022-023
A memory overflow vulnerability was found in the Linux kernel's ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores This flaw allows a local user to starve the resources, causing a denial of service The highest threat from this vulnerability is to system availability (CVE-2021 ...
Amazon Linux 2: ALAS2KERNEL-5.4-2022-039
A memory overflow vulnerability was found in the Linux kernel's ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores This flaw allows a local user to starve the resources, causing a denial of service The highest threat from this vulnerability is to system availability (CVE-2021 ...
Arch Linux Issues:
use-after-free in ufx_ops_open() due to race condition with ufx_usb_disconnect() when disconnecting a usb device while calling open() on the device ...

References

CWE-362CWE-416https://lists.debian.org/debian-lts-announce/2022/12/msg00031.htmlhttps://lists.debian.org/debian-lts-announce/2022/12/msg00034.htmlhttps://lore.kernel.org/all/20220925133243.GA383897%40ubuntu/T/https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5610bcfe8693c02e2e4c8b31427f1bdbdecc839chttps://nvd.nist.govhttps://ubuntu.com/security/notices/USN-5793-3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946CVE-2024-30309CVE-2024-4761CVE-2024-30051type confusionmemory leakCVE-2024-30293reflected XSSCVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook