Race condition in Linux kernel - CVE-2022-48759
Published: June 20, 2024 / Updated: May 13, 2025
Vulnerability identifier: #VU92931
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-48759
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rpmsg_ctrldev_release_device(), rpmsg_chrdev_probe() and rpmsg_chrdev_remove() functions in drivers/rpmsg/rpmsg_char.c. A local user can escalate privileges on the system.
How to mitigate CVE-2022-48759
Install update from vendor's website.
Sources
- https://git.kernel.org/stable/c/74d85e9fbc7022a4011102c7474a9c7aeb704a35
- https://git.kernel.org/stable/c/70cb4295ec806b663665e1d2ed15caab6159880e
- https://git.kernel.org/stable/c/da27b834c1e0222e149e06caddf7718478086d1b
- https://git.kernel.org/stable/c/1dbb206730f3e5ce90014ad569ddf8167ec4124a
- https://git.kernel.org/stable/c/85aba11a8ea92a8eef2de95ebbe063086fd62d9c
- https://git.kernel.org/stable/c/d6cdc6ae542845d4d0ac8b6d99362bde7042a3c7
- https://git.kernel.org/stable/c/b7fb2dad571d1e21173c06cef0bced77b323990a
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.265
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.228
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.96
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.176