Use-after-free in Linux kernel cachefiles

1) Use-after-free

EUVDB-ID: #VU104479

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49062

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cachefiles_set_volume_xattr() function in fs/cachefiles/xattr.c. A local user can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.17 - 5.18 rc8

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:5.17:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc1:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc2:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc3:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc4:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc5:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc6:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc7:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc8:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc9:*:*:*:*:*:*

External links

https://git.kernel.org/stable/c/09a5df1b88c8f126c8ff9938edf160edd4e92f42
https://git.kernel.org/stable/c/7b2f6c306601240635c72caa61f682e74d4591b2
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.4
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.