Use-after-free in Linux kernel - CVE-2022-48626
Published: May 31, 2024 / Updated: May 14, 2025
Vulnerability identifier: #VU90261
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-48626
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the moxart_remove() function in drivers/mmc/host/moxart-mmc.c.
Remediation
Install the update from the vendor's website.
External links
- https://git.kernel.org/stable/c/f5dc193167591e88797262ec78515a0cbe79ff5f
- https://git.kernel.org/stable/c/e6f580d0b3349646d4ee1ce0057eb273e8fb7e2e
- https://git.kernel.org/stable/c/9c25d5ff1856b91bd4365e813f566cb59aaa9552
- https://git.kernel.org/stable/c/3a0a7ec5574b510b067cfc734b8bdb6564b31d4e
- https://git.kernel.org/stable/c/be93028d306dac9f5b59ebebd9ec7abcfc69c156
- https://git.kernel.org/stable/c/af0e6c49438b1596e4be8a267d218a0c88a42323
- https://git.kernel.org/stable/c/7f901d53f120d1921f84f7b9b118e87e94b403c5
- https://git.kernel.org/stable/c/bd2db32e7c3e35bd4d9b8bbff689434a50893546
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.266
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.229
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.301
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.100
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.23
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.179