Use After Free Affecting kernel-core package, versions *
Threat Intelligence
EPSS
0.04% (6th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL9-KERNELCORE-8252902
- published 23 Oct 2024
- disclosed 21 Oct 2024
Introduced: 21 Oct 2024
New CVE-2022-48981 Open this link in a new tabHow to fix?
There is no fixed version for RHEL:9 kernel-core.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-core package and not the kernel-core package as distributed by RHEL.
See How to fix? for RHEL:9 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
drm/shmem-helper: Remove errant put in error path
drm_gem_shmem_mmap() doesn't own this reference, resulting in the GEM object getting prematurely freed leading to a later use-after-free.
References
- https://access.redhat.com/security/cve/CVE-2022-48981
- https://git.kernel.org/stable/c/24013314be6ee4ee456114a671e9fa3461323de8
- https://git.kernel.org/stable/c/585a07b820059462e0c93b76c7de2cd946b26b40
- https://git.kernel.org/stable/c/586847b98e20ab02212ca5c1fc46680384e68a28
- https://git.kernel.org/stable/c/6a4da05acd062ae7774b6b19cef2b7d922902d36
- https://git.kernel.org/stable/c/83e3da8bb92fcfa7a1d232cf55f9e6c49bb84942
CVSS Scores
version 3.1