{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-48872","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-07-16T11:38:08.921Z","datePublished":"2024-08-21T06:10:02.954Z","dateUpdated":"2025-05-04T08:25:13.379Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:25:13.379Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix use-after-free race condition for maps\n\nIt is possible that in between calling fastrpc_map_get() until\nmap->fl->lock is taken in fastrpc_free_map(), another thread can call\nfastrpc_map_lookup() and get a reference to a map that is about to be\ndeleted.\n\nRewrite fastrpc_map_get() to only increase the reference count of a map\nif it's non-zero. Propagate this to callers so they can know if a map is\nabout to be deleted.\n\nFixes this warning:\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 5 PID: 10100 at lib/refcount.c:25 refcount_warn_saturate\n...\nCall trace:\n refcount_warn_saturate\n [fastrpc_map_get inlined]\n [fastrpc_map_lookup inlined]\n fastrpc_map_create\n fastrpc_internal_invoke\n fastrpc_device_ioctl\n __arm64_sys_ioctl\n invoke_syscall"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/misc/fastrpc.c"],"versions":[{"version":"c68cfb718c8f97b7f7a50ed66be5feb42d0c8988","lessThan":"556dfdb226ce1e5231d8836159b23f8bb0395bf4","status":"affected","versionType":"git"},{"version":"c68cfb718c8f97b7f7a50ed66be5feb42d0c8988","lessThan":"b171d0d2cf1b8387c72c8d325c5d5746fa271e39","status":"affected","versionType":"git"},{"version":"c68cfb718c8f97b7f7a50ed66be5feb42d0c8988","lessThan":"61a0890cb95afec5c8a2f4a879de2b6220984ef1","status":"affected","versionType":"git"},{"version":"c68cfb718c8f97b7f7a50ed66be5feb42d0c8988","lessThan":"079c78c68714f7d8d58e66c477b0243b31806907","status":"affected","versionType":"git"},{"version":"c68cfb718c8f97b7f7a50ed66be5feb42d0c8988","lessThan":"96b328d119eca7563c1edcc4e1039a62e6370ecb","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/misc/fastrpc.c"],"versions":[{"version":"5.1","status":"affected"},{"version":"0","lessThan":"5.1","status":"unaffected","versionType":"semver"},{"version":"5.4.230","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.165","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.90","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.8","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"5.4.230"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"5.10.165"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"5.15.90"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.1.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/556dfdb226ce1e5231d8836159b23f8bb0395bf4"},{"url":"https://git.kernel.org/stable/c/b171d0d2cf1b8387c72c8d325c5d5746fa271e39"},{"url":"https://git.kernel.org/stable/c/61a0890cb95afec5c8a2f4a879de2b6220984ef1"},{"url":"https://git.kernel.org/stable/c/079c78c68714f7d8d58e66c477b0243b31806907"},{"url":"https://git.kernel.org/stable/c/96b328d119eca7563c1edcc4e1039a62e6370ecb"}],"title":"misc: fastrpc: Fix use-after-free race condition for maps","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2022-48872","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T16:05:25.671974Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-12T17:32:54.076Z"}}]}}