{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-48861","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-07-16T11:38:08.920Z","datePublished":"2024-07-16T12:25:25.160Z","dateUpdated":"2025-05-04T08:24:55.147Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:24:55.147Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: fix use-after-free on vp_vdpa_remove\n\nWhen vp_vdpa driver is unbind, vp_vdpa is freed in vdpa_unregister_device\nand then vp_vdpa->mdev.pci_dev is dereferenced in vp_modern_remove,\ntriggering use-after-free.\n\nCall Trace of unbinding driver free vp_vdpa :\ndo_syscall_64\n  vfs_write\n    kernfs_fop_write_iter\n      device_release_driver_internal\n        pci_device_remove\n          vp_vdpa_remove\n            vdpa_unregister_device\n              kobject_release\n                device_release\n                  kfree\n\nCall Trace of dereference vp_vdpa->mdev.pci_dev:\nvp_modern_remove\n  pci_release_selected_regions\n    pci_release_region\n      pci_resource_len\n        pci_resource_end\n          (dev)->resource[(bar)].end"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/vdpa/virtio_pci/vp_vdpa.c"],"versions":[{"version":"64b9f64f80a6f4b7ea51bf0510119cb15e801dc6","lessThan":"4b1743bc715a3691a63ac21b349079b07bf1b19e","status":"affected","versionType":"git"},{"version":"64b9f64f80a6f4b7ea51bf0510119cb15e801dc6","lessThan":"dc54ba9932aeaaa1a21fe214af1f446593a78274","status":"affected","versionType":"git"},{"version":"64b9f64f80a6f4b7ea51bf0510119cb15e801dc6","lessThan":"eb057b44dbe35ae14527830236a92f51de8f9184","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/vdpa/virtio_pci/vp_vdpa.c"],"versions":[{"version":"5.13","status":"affected"},{"version":"0","lessThan":"5.13","status":"unaffected","versionType":"semver"},{"version":"5.15.29","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16.15","lessThanOrEqual":"5.16.*","status":"unaffected","versionType":"semver"},{"version":"5.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.13","versionEndExcluding":"5.15.29"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.13","versionEndExcluding":"5.16.15"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.13","versionEndExcluding":"5.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4b1743bc715a3691a63ac21b349079b07bf1b19e"},{"url":"https://git.kernel.org/stable/c/dc54ba9932aeaaa1a21fe214af1f446593a78274"},{"url":"https://git.kernel.org/stable/c/eb057b44dbe35ae14527830236a92f51de8f9184"}],"title":"vdpa: fix use-after-free on vp_vdpa_remove","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T15:25:01.773Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/4b1743bc715a3691a63ac21b349079b07bf1b19e","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/dc54ba9932aeaaa1a21fe214af1f446593a78274","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/eb057b44dbe35ae14527830236a92f51de8f9184","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2022-48861","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T16:25:32.248865Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:34:07.423Z"}}]}}