Use-after-free in Linux kernel

#VU64861 Use-after-free in Linux kernel

Published: 2022-07-02

Vulnerability identifier: #VU64861

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1679

CWE-ID:

Exploitation vector: Local

Exploit availability:

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ath9k_htc_wait_for_target() function in the Linux kernel’s Atheros wireless adapter driver. A local user can execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel:

Fixed software versions

CPE

cpe:2.3:o:linux_foundation:linux_kernel:*:*:*:*:*:*:*:*

External links
http://lore.kernel.org/lkml/87ilqc7jv9.fsf@kernel.org/t/
http://security.netapp.com/advisory/ntap-20220629-0007/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Multiple vulnerabilities in Oracle VM Server for x86

Multiple vulnerabilities in IBM Cloud Pak for Watson AIOps

SUSE update for the Linux Kernel

Multiple vulnerabilities in Red Hat OpenShift Logging 5.7

Multiple vulnerabilities in Red Hat Advanced Cluster Management for Kubernetes 2.5

Red Hat Enterprise Linux 8 update for kernel

Multiple vulnerabilities in Red Hat Advanced Cluster Management for Kubernetes 2.6

Red Hat Enterprise Linux 8 update for kernel-rt

Multiple vulnerabilities in Dell VxRail Appliance components

Red Hat Enterprise Linux 9 update for kernel