CVE-2022-49258
Published: 26 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - Fix use after free in cc_cipher_exit() kfree_sensitive(ctx_p->user.key) will free the ctx_p->user.key. But ctx_p->user.key is still used in the next line, which will lead to a use after free. We can call kfree_sensitive() after dev_dbg() to avoid the uaf.
Security Summary
CVE-2022-49258 is a use-after-free vulnerability in the Linux kernel's crypto/ccree driver, specifically within the cc_cipher_exit() function. The flaw arises when kfree_sensitive(ctx_p->user.key) frees the ctx_p->user.key memory, but the subsequent dev_dbg() call still references it, resulting in a use-after-free condition classified under CWE-416.
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation leads to high impacts on confidentiality, integrity, and availability, as indicated by the CVSS 3.1 score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Mitigation is provided through patches in Linux kernel stable branches, including commits at https://git.kernel.org/stable/c/25c358efee5153dfd240d4e0d3169d5bebe9cacd, https://git.kernel.org/stable/c/335bf1fc74f775a8255257aa3e33763f2257b676, https://git.kernel.org/stable/c/3d950c34074ed74d2713c3856ba01264523289e6, https://git.kernel.org/stable/c/c93017c8d5ebf55a4e453ac7c84cc84cf92ab570, and https://git.kernel.org/stable/c/cffb5382bd8d3cf21b874ab5b84bf7618932286b. Security practitioners should update affected systems to kernel versions incorporating these fixes.
Details
- CWE(s)