{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48854", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-16T11:38:08.913Z", "datePublished": "2024-07-16T12:25:20.477Z", "dateUpdated": "2024-09-11T17:34:08.203Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-16T12:25:20.477Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: arc_emac: Fix use after free in arc_mdio_probe()\n\nIf bus->state is equal to MDIOBUS_ALLOCATED, mdiobus_free(bus) will free\nthe \"bus\". But bus->name is still used in the next line, which will lead\nto a use after free.\n\nWe can fix it by putting the name in a local variable and make the\nbus->name point to the rodata section \"name\",then use the name in the\nerror message without referring to bus to avoid the uaf."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/arc/emac_mdio.c"], "versions": [{"version": "95b5fc03c189", "lessThan": "84c831803785", "status": "affected", "versionType": "git"}, {"version": "95b5fc03c189", "lessThan": "bc0e610a6eb0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/arc/emac_mdio.c"], "versions": [{"version": "5.16", "status": "affected"}, {"version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "custom"}, {"version": "5.16.15", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/84c831803785c2c3bec5c28c0e8a0b72f6b41d4d"}, {"url": "https://git.kernel.org/stable/c/bc0e610a6eb0d46e4123fafdbe5e6141d9fff3be"}], "title": "net: arc_emac: Fix use after free in arc_mdio_probe()", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.653Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/84c831803785c2c3bec5c28c0e8a0b72f6b41d4d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bc0e610a6eb0d46e4123fafdbe5e6141d9fff3be", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48854", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:25:55.573548Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:08.203Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48854", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-16T11:38:08.913Z", "datePublished": "2024-07-16T12:25:20.477Z", "dateUpdated": "2024-08-03T15:25:01.653Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-16T12:25:20.477Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: arc_emac: Fix use after free in arc_mdio_probe()\n\nIf bus->state is equal to MDIOBUS_ALLOCATED, mdiobus_free(bus) will free\nthe \"bus\". But bus->name is still used in the next line, which will lead\nto a use after free.\n\nWe can fix it by putting the name in a local variable and make the\nbus->name point to the rodata section \"name\",then use the name in the\nerror message without referring to bus to avoid the uaf."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/arc/emac_mdio.c"], "versions": [{"version": "95b5fc03c189", "lessThan": "84c831803785", "status": "affected", "versionType": "git"}, {"version": "95b5fc03c189", "lessThan": "bc0e610a6eb0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/arc/emac_mdio.c"], "versions": [{"version": "5.16", "status": "affected"}, {"version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "custom"}, {"version": "5.16.15", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/84c831803785c2c3bec5c28c0e8a0b72f6b41d4d"}, {"url": "https://git.kernel.org/stable/c/bc0e610a6eb0d46e4123fafdbe5e6141d9fff3be"}], "title": "net: arc_emac: Fix use after free in arc_mdio_probe()", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48854", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:25:55.573548Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-09-11T12:42:20.872Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "83FDEDF2-0E19-4879-91FD-171E66D1B335", "versionEndExcluding": "5.16.15", "versionStartIncluding": "5.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: arc_emac: Fix use after free in arc_mdio_probe()\n\nIf bus->state is equal to MDIOBUS_ALLOCATED, mdiobus_free(bus) will free\nthe \"bus\". But bus->name is still used in the next line, which will lead\nto a use after free.\n\nWe can fix it by putting the name in a local variable and make the\nbus->name point to the rodata section \"name\",then use the name in the\nerror message without referring to bus to avoid the uaf."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: arc_emac: corrige el use after free en arc_mdio_probe() Si bus->state es igual a MDIOBUS_ALLOCATED, mdiobus_free(bus) liberar\u00e1 el \"bus\". Pero bus->name todav\u00eda se usa en la siguiente l\u00ednea, lo que conducir\u00e1 a un uso posterior a free. Podemos solucionarlo poniendo el nombre en una variable local y haciendo que bus->nombre apunte a la secci\u00f3n \"nombre\" de rodata, luego use el nombre en el mensaje de error sin hacer referencia al bus para evitar el uaf."}], "id": "CVE-2022-48854", "lastModified": "2024-07-23T15:26:31.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-16T13:15:12.457", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/84c831803785c2c3bec5c28c0e8a0b72f6b41d4d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bc0e610a6eb0d46e4123fafdbe5e6141d9fff3be"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net: arc_emac: Fix use after free in arc_mdio_probe()", "id": "2298195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298195"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: arc_emac: Fix use after free in arc_mdio_probe()\nIf bus->state is equal to MDIOBUS_ALLOCATED, mdiobus_free(bus) will free\nthe \"bus\". But bus->name is still used in the next line, which will lead\nto a use after free.\nWe can fix it by putting the name in a local variable and make the\nbus->name point to the rodata section \"name\",then use the name in the\nerror message without referring to bus to avoid the uaf."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-48854", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48854\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48854\nhttps://lore.kernel.org/linux-cve-announce/2024071626-CVE-2022-48854-9d4e@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 5.16.15, kernel 5.17"}