Use-After-Free Vulnerability in Linux Kernel MCTP Subsystem Allows Privilege Escalation

Use-After-Free Vulnerability in Linux Kernel MCTP Subsystem Allows Privilege Escalation

CVE-2022-0646 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.