CVE-2022-48899

drm/virtio: Fix GEM handle creation UAF

Description

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix GEM handle creation UAF Userspace can guess the handle value and try to race GEM object creation with handle close, resulting in a use-after-free if we dereference the object after dropping the handle's reference. For that reason, dropping the handle's reference must be done *after* we are done dereferencing the object.

References

Link	Tags
https://git.kernel.org/stable/c/19ec87d06acfab2313ee82b2a689bf0c154e57ea	patch
https://git.kernel.org/stable/c/d01d6d2b06c0d8390adf8f3ba08aa60b5642ef73	patch
https://git.kernel.org/stable/c/68bcd063857075d2f9edfed6024387ac377923e2	patch
https://git.kernel.org/stable/c/011ecdbcd520c90c344b872ca6b4821f7783b2f8	patch
https://git.kernel.org/stable/c/adc48e5e408afbb01d261bd303fd9fbbbaa3e317	patch
https://git.kernel.org/stable/c/52531258318ed59a2dc5a43df2eaf0eb1d65438e	patch

Frequently Asked Questions

What is the severity of CVE-2022-48899?: CVE-2022-48899 has been scored as a medium severity vulnerability.
How to fix CVE-2022-48899?: To fix CVE-2022-48899, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-48899 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-48899 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-48899?: CVE-2022-48899 affects Linux Linux, Linux Linux.

Description

Category

CWE-416 – Use After Free

References

Frequently Asked Questions