CVE-2022-49385
Published: 26 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved:
driver: base: fix UAF when driver_attach failed
When driver_attach(drv); failed, the driver_private will be freed. But it has been added to the bus, which caused a UAF.
To fix it, we need to delete it from the bus when failed.
Security Summary
CVE-2022-49385 is a Use After Free (UAF) vulnerability in the Linux kernel's driver base subsystem, stemming from improper handling during driver attachment. Specifically, when the driver_attach function fails, the driver_private structure is freed even though it has already been added to the bus, leading to a UAF condition. This issue is tracked under CWE-416 and affects Linux kernel versions prior to the application of the relevant stable patches.
The CVSS v3.1 base score is 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H): the vulnerability is exploitable by a local attacker with low privileges, with low attack complexity and no user interaction. Successful exploitation could have high impact on confidentiality, integrity, and availability, potentially allowing the attacker to execute arbitrary code or cause denial of service within the kernel context.
Mitigation involves applying the upstream patches from the provided kernel stable commit references, such as https://git.kernel.org/stable/c/310862e574001a97ad02272bac0fd13f75f42a27 and others, which fix the issue by removing the driver_private from the bus before freeing it upon driver_attach failure. Security practitioners should ensure systems are updated to kernels incorporating these commits.
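The error-path ordering described above, as an added user-space model (not kernel source and not the upstream patch). All type and function names are hypothetical, and the free is modeled as a flag so the program stays well-defined while showing the stale bus entry the pre-fix path leaves behind.

```c
#include <stdio.h>
/* User-space model. All names are hypothetical, not kernel symbols. */
struct drv_priv {
    struct drv_priv *next; /* link in the bus's driver list */
    int freed;             /* stand-in for kfree(): flag only, memory stays valid */
};
struct bus { struct drv_priv *drivers; };

static void bus_unlink(struct bus *b, struct drv_priv *p)
{
    struct drv_priv **pp = &b->drivers;
    while (*pp && *pp != p)
        pp = &(*pp)->next;
    if (*pp)
        *pp = p->next;
}

/* Count list entries that refer to released objects (each is a latent UAF). */
static int bus_stale_entries(const struct bus *b)
{
    int n = 0;
    for (const struct drv_priv *p = b->drivers; p; p = p->next)
        n += p->freed;
    return n;
}

/* attach_rc < 0 models a failed attach; unlink_on_error selects pre-fix (0) or fixed (1). */
static int register_driver(struct bus *b, struct drv_priv *p, int attach_rc, int unlink_on_error)
{
    p->freed = 0;
    p->next = b->drivers;     /* add to the bus: object is now reachable from it */
    b->drivers = p;
    if (attach_rc < 0) {
        if (unlink_on_error)
            bus_unlink(b, p); /* the fix: drop the bus reference first */
        p->freed = 1;         /* then release the object */
    }
    return attach_rc < 0 ? attach_rc : 0;
}

int main(void)
{
    struct bus pre = { NULL }, post = { NULL };
    struct drv_priv a, b;
    register_driver(&pre, &a, -1, 0);
    register_driver(&post, &b, -1, 1);
    printf("stale entries: pre-fix=%d fixed=%d\n", bus_stale_entries(&pre), bus_stale_entries(&post));
    return 0;
}
```

In both variants the caller sees the same error code; only the state of the bus list differs, which is why the defect does not show up at the failing call itself.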
Details
- CWE(s)