摘要:
In the Linux kernel, the following vulnerability has been resolved:peci: cpu: Fix use-after-free in adev_release()When auxiliary_device_add() returns an error, auxiliary_device_uninit()is called, which causes refcount for device to be decremented and.release callback will be triggered.Because adev_release() re-calls auxiliary_device_uninit(), it will causeuse-after-free:[ 1269.455172] WARNING: CPU: 0 PID: 14267 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15[ 1269.464007] refcount_t: underflow; use-after-free.
安全等级: Low
公告ID: KylinSec-SA-2024-2605
发布日期: 2024年6月5日
关联CVE: CVE-2022-48670
In the Linux kernel, the following vulnerability has been resolved:peci: cpu: Fix use-after-free in adev_release()When auxiliary_device_add() returns an error, auxiliary_device_uninit()is called, which causes refcount for device to be decremented and.release callback will be triggered.Because adev_release() re-calls auxiliary_device_uninit(), it will causeuse-after-free:[ 1269.455172] WARNING: CPU: 0 PID: 14267 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15[ 1269.464007] refcount_t: underflow; use-after-free.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2022-48670 | KY3.4-5 | kernel | Unaffected |
| CVE-2022-48670 | KY3.5.3 | kernel | Unaffected |
| CVE-2022-48670 | V6 | kernel | Unaffected |
