oss-sec mailing list archives
CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem
From: Felix Fu <foyjog () gmail com>
Date: Mon, 11 Apr 2022 16:20:56 +0800
Hello, I Request a CVE from MITRE. Description: The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. Details: Use after free happens in inet_put_port because some sockets are not close before xs_xprt_free(). CVE-ID: CVE-2022-28893 ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28893) Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a ------------------------------------------------------------ I followed the steps as below : To report minor security bugs (such as local DOS or local info leak): 1、Report the bug publicly to kernel developers as described above and wait until a fix is committed. Alternatively, you can develop and send a fix yourself. 2、Request a CVE from MITRE through the web form. Describe the bug details and add a link to the fix (from patchwork.kernel.org, git.kernel.org or github.com) in the request. 3、Once a CVE is assigned, send the bug details, the CVE number and a link to the fix to oss-security () lists openwall com ( https://github.com/google/syzkaller/blob/master/docs/linux/reporting_kernel_bugs.md )
Current thread:
- CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem Felix Fu (Apr 11)
- Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem Greg KH (Apr 11)
- Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem Mike O'Connor (Apr 11)
- Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem Greg KH (Apr 11)