Use After Free Affecting kernel-zfcpdump-devel package, versions <0:4.18.0-553.22.1.el8_10
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL8-KERNELZFCPDUMPDEVEL-7325604
- published 21 Jun 2024
- disclosed 20 Jun 2024
Introduced: 20 Jun 2024
CVE-2022-48754 Open this link in a new tabHow to fix?
Upgrade RHEL:8
kernel-zfcpdump-devel
to version 0:4.18.0-553.22.1.el8_10 or higher.
This issue was patched in RHSA-2024:7000
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-zfcpdump-devel
package and not the kernel-zfcpdump-devel
package as distributed by RHEL
.
See How to fix?
for RHEL:8
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
phylib: fix potential use-after-free
Commit bafbdd527d56 ("phylib: Add device reset GPIO support") added call to phy_device_reset(phydev) after the put_device() call in phy_detach().
The comment before the put_device() call says that the phydev might go away with put_device().
Fix potential use-after-free by calling phy_device_reset() before put_device().
References
- https://access.redhat.com/security/cve/CVE-2022-48754
- https://git.kernel.org/stable/c/67d271760b037ce0806d687ee6057edc8afd4205
- https://git.kernel.org/stable/c/aefaccd19379d6c4620269a162bfb88ff687f289
- https://git.kernel.org/stable/c/bd024e36f68174b1793906c39ca16cee0c9295c2
- https://git.kernel.org/stable/c/cb2fab10fc5e7a3aa1bb0a68a3abdcf3e37852af
- https://git.kernel.org/stable/c/cbda1b16687580d5beee38273f6241ae3725960c
- https://git.kernel.org/stable/c/f39027cbada43b33566c312e6be3db654ca3ad17