CVE-2022-48821 (GCVE-0-2022-48821)

Vulnerability from cvelistv5 – Published: 2024-07-16 11:44 – Updated: 2026-05-11 18:47
VLAI
Title
misc: fastrpc: avoid double fput() on failed usercopy
Summary
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: avoid double fput() on failed usercopy If the copy back to userland fails for the FASTRPC_IOCTL_ALLOC_DMA_BUFF ioctl(), we shouldn't assume that 'buf->dmabuf' is still valid. In fact, dma_buf_fd() called fd_install() before, i.e. "consumed" one reference, leaving us with none. Calling dma_buf_put() will therefore put a reference we no longer own, leading to a valid file descritor table entry for an already released 'file' object which is a straight use-after-free. Simply avoid calling dma_buf_put() and rely on the process exit code to do the necessary cleanup, if needed, i.e. if the file descriptor is still valid.
Severity
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 6cffd79504ce040f460831030d3069fa1c99bb71 , < 4e6fd2b5fcf8e7119305a6042bd92e7f2b9ed215 (git)
Affected: 6cffd79504ce040f460831030d3069fa1c99bb71 , < a5ce7ee5fcc07583159f54ab4af5164de00148f5 (git)
Affected: 6cffd79504ce040f460831030d3069fa1c99bb71 , < e4382d0a39f9a1e260d62fdc079ddae5293c037d (git)
Affected: 6cffd79504ce040f460831030d3069fa1c99bb71 , < 76f85c307ef9f10aa2cef1b1d5ee654c1f3345fc (git)
Affected: 6cffd79504ce040f460831030d3069fa1c99bb71 , < 46963e2e0629cb31c96b1d47ddd89dc3d8990b34 (git)
Create a notification for this product.
Linux Linux Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 5.4.180 , ≤ 5.4.* (semver)
Unaffected: 5.10.101 , ≤ 5.10.* (semver)
Unaffected: 5.15.24 , ≤ 5.15.* (semver)
Unaffected: 5.16.10 , ≤ 5.16.* (semver)
Unaffected: 5.17 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:25:01.487Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4e6fd2b5fcf8e7119305a6042bd92e7f2b9ed215"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a5ce7ee5fcc07583159f54ab4af5164de00148f5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e4382d0a39f9a1e260d62fdc079ddae5293c037d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/76f85c307ef9f10aa2cef1b1d5ee654c1f3345fc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/46963e2e0629cb31c96b1d47ddd89dc3d8990b34"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48821",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:57:59.542299Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:12.159Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/misc/fastrpc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4e6fd2b5fcf8e7119305a6042bd92e7f2b9ed215",
              "status": "affected",
              "version": "6cffd79504ce040f460831030d3069fa1c99bb71",
              "versionType": "git"
            },
            {
              "lessThan": "a5ce7ee5fcc07583159f54ab4af5164de00148f5",
              "status": "affected",
              "version": "6cffd79504ce040f460831030d3069fa1c99bb71",
              "versionType": "git"
            },
            {
              "lessThan": "e4382d0a39f9a1e260d62fdc079ddae5293c037d",
              "status": "affected",
              "version": "6cffd79504ce040f460831030d3069fa1c99bb71",
              "versionType": "git"
            },
            {
              "lessThan": "76f85c307ef9f10aa2cef1b1d5ee654c1f3345fc",
              "status": "affected",
              "version": "6cffd79504ce040f460831030d3069fa1c99bb71",
              "versionType": "git"
            },
            {
              "lessThan": "46963e2e0629cb31c96b1d47ddd89dc3d8990b34",
              "status": "affected",
              "version": "6cffd79504ce040f460831030d3069fa1c99bb71",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/misc/fastrpc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.180",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.101",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.180",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.101",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.24",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.10",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: avoid double fput() on failed usercopy\n\nIf the copy back to userland fails for the FASTRPC_IOCTL_ALLOC_DMA_BUFF\nioctl(), we shouldn\u0027t assume that \u0027buf-\u003edmabuf\u0027 is still valid. In fact,\ndma_buf_fd() called fd_install() before, i.e. \"consumed\" one reference,\nleaving us with none.\n\nCalling dma_buf_put() will therefore put a reference we no longer own,\nleading to a valid file descritor table entry for an already released\n\u0027file\u0027 object which is a straight use-after-free.\n\nSimply avoid calling dma_buf_put() and rely on the process exit code to\ndo the necessary cleanup, if needed, i.e. if the file descriptor is\nstill valid."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T18:47:47.442Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4e6fd2b5fcf8e7119305a6042bd92e7f2b9ed215"
        },
        {
          "url": "https://git.kernel.org/stable/c/a5ce7ee5fcc07583159f54ab4af5164de00148f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4382d0a39f9a1e260d62fdc079ddae5293c037d"
        },
        {
          "url": "https://git.kernel.org/stable/c/76f85c307ef9f10aa2cef1b1d5ee654c1f3345fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/46963e2e0629cb31c96b1d47ddd89dc3d8990b34"
        }
      ],
      "title": "misc: fastrpc: avoid double fput() on failed usercopy",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48821",
    "datePublished": "2024-07-16T11:44:07.965Z",
    "dateReserved": "2024-07-16T11:38:08.901Z",
    "dateUpdated": "2026-05-11T18:47:47.442Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-48821",
      "date": "2026-05-26",
      "epss": "0.00047",
      "percentile": "0.14498"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmisc: fastrpc: avoid double fput() on failed usercopy\\n\\nIf the copy back to userland fails for the FASTRPC_IOCTL_ALLOC_DMA_BUFF\\nioctl(), we shouldn\u0027t assume that \u0027buf-\u003edmabuf\u0027 is still valid. In fact,\\ndma_buf_fd() called fd_install() before, i.e. \\\"consumed\\\" one reference,\\nleaving us with none.\\n\\nCalling dma_buf_put() will therefore put a reference we no longer own,\\nleading to a valid file descritor table entry for an already released\\n\u0027file\u0027 object which is a straight use-after-free.\\n\\nSimply avoid calling dma_buf_put() and rely on the process exit code to\\ndo the necessary cleanup, if needed, i.e. if the file descriptor is\\nstill valid.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: misc: fastrpc: evitar doble fput() en copia de usuario fallida. Si la copia al \\u00e1rea de usuario falla para FASTRPC_IOCTL_ALLOC_DMA_BUFF ioctl(), no debemos asumir que \u0027buf-\u0026gt;dmabuf\u0027 aun es v\\u00e1lido. De hecho, dma_buf_fd() llam\\u00f3 a fd_install() antes, es decir, \\\"consumi\\u00f3\\\" una referencia, dej\\u00e1ndonos sin ninguna. Por lo tanto, llamar a dma_buf_put() colocar\\u00e1 una referencia que ya no poseemos, lo que conducir\\u00e1 a una entrada v\\u00e1lida en la tabla de descripci\\u00f3n de archivos para un objeto \u0027archivo\u0027 ya publicado que es un use-after-free directo. Simplemente evite llamar a dma_buf_put() y conf\\u00ede en el c\\u00f3digo de salida del proceso para realizar la limpieza necesaria, si es necesario, es decir, si el descriptor del archivo a\\u00fan es v\\u00e1lido.\"}]",
      "id": "CVE-2022-48821",
      "lastModified": "2024-11-21T07:34:09.053",
      "published": "2024-07-16T12:15:06.010",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/46963e2e0629cb31c96b1d47ddd89dc3d8990b34\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/4e6fd2b5fcf8e7119305a6042bd92e7f2b9ed215\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/76f85c307ef9f10aa2cef1b1d5ee654c1f3345fc\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/a5ce7ee5fcc07583159f54ab4af5164de00148f5\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/e4382d0a39f9a1e260d62fdc079ddae5293c037d\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/46963e2e0629cb31c96b1d47ddd89dc3d8990b34\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/4e6fd2b5fcf8e7119305a6042bd92e7f2b9ed215\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/76f85c307ef9f10aa2cef1b1d5ee654c1f3345fc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/a5ce7ee5fcc07583159f54ab4af5164de00148f5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/e4382d0a39f9a1e260d62fdc079ddae5293c037d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Awaiting Analysis"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-48821\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-07-16T12:15:06.010\",\"lastModified\":\"2025-09-25T19:36:51.900\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmisc: fastrpc: avoid double fput() on failed usercopy\\n\\nIf the copy back to userland fails for the FASTRPC_IOCTL_ALLOC_DMA_BUFF\\nioctl(), we shouldn\u0027t assume that \u0027buf-\u003edmabuf\u0027 is still valid. In fact,\\ndma_buf_fd() called fd_install() before, i.e. \\\"consumed\\\" one reference,\\nleaving us with none.\\n\\nCalling dma_buf_put() will therefore put a reference we no longer own,\\nleading to a valid file descritor table entry for an already released\\n\u0027file\u0027 object which is a straight use-after-free.\\n\\nSimply avoid calling dma_buf_put() and rely on the process exit code to\\ndo the necessary cleanup, if needed, i.e. if the file descriptor is\\nstill valid.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: misc: fastrpc: evitar doble fput() en copia de usuario fallida. Si la copia al \u00e1rea de usuario falla para FASTRPC_IOCTL_ALLOC_DMA_BUFF ioctl(), no debemos asumir que \u0027buf-\u0026gt;dmabuf\u0027 aun es v\u00e1lido. De hecho, dma_buf_fd() llam\u00f3 a fd_install() antes, es decir, \\\"consumi\u00f3\\\" una referencia, dej\u00e1ndonos sin ninguna. Por lo tanto, llamar a dma_buf_put() colocar\u00e1 una referencia que ya no poseemos, lo que conducir\u00e1 a una entrada v\u00e1lida en la tabla de descripci\u00f3n de archivos para un objeto \u0027archivo\u0027 ya publicado que es un use-after-free directo. Simplemente evite llamar a dma_buf_put() y conf\u00ede en el c\u00f3digo de salida del proceso para realizar la limpieza necesaria, si es necesario, es decir, si el descriptor del archivo a\u00fan es v\u00e1lido.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.1\",\"versionEndExcluding\":\"5.4.180\",\"matchCriteriaId\":\"CDDF7C0A-34BC-4EE5-972C-04626CA8CFF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.101\",\"matchCriteriaId\":\"A154171E-A3B9-42BE-9E97-C9B0EA43FC54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.24\",\"matchCriteriaId\":\"866451F0-299E-416C-B0B8-AE6B33E62CCA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"5.16.10\",\"matchCriteriaId\":\"679523BA-1392-404B-AB85-F5A5408B1ECC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6E34B23-78B4-4516-9BD8-61B33F4AC49A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/46963e2e0629cb31c96b1d47ddd89dc3d8990b34\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4e6fd2b5fcf8e7119305a6042bd92e7f2b9ed215\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/76f85c307ef9f10aa2cef1b1d5ee654c1f3345fc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a5ce7ee5fcc07583159f54ab4af5164de00148f5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e4382d0a39f9a1e260d62fdc079ddae5293c037d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/46963e2e0629cb31c96b1d47ddd89dc3d8990b34\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4e6fd2b5fcf8e7119305a6042bd92e7f2b9ed215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/76f85c307ef9f10aa2cef1b1d5ee654c1f3345fc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a5ce7ee5fcc07583159f54ab4af5164de00148f5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e4382d0a39f9a1e260d62fdc079ddae5293c037d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/4e6fd2b5fcf8e7119305a6042bd92e7f2b9ed215\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/a5ce7ee5fcc07583159f54ab4af5164de00148f5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/e4382d0a39f9a1e260d62fdc079ddae5293c037d\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/76f85c307ef9f10aa2cef1b1d5ee654c1f3345fc\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/46963e2e0629cb31c96b1d47ddd89dc3d8990b34\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T15:25:01.487Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-48821\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T16:57:59.542299Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:21.325Z\"}}], \"cna\": {\"title\": \"misc: fastrpc: avoid double fput() on failed usercopy\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6cffd79504ce040f460831030d3069fa1c99bb71\", \"lessThan\": \"4e6fd2b5fcf8e7119305a6042bd92e7f2b9ed215\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6cffd79504ce040f460831030d3069fa1c99bb71\", \"lessThan\": \"a5ce7ee5fcc07583159f54ab4af5164de00148f5\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6cffd79504ce040f460831030d3069fa1c99bb71\", \"lessThan\": \"e4382d0a39f9a1e260d62fdc079ddae5293c037d\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6cffd79504ce040f460831030d3069fa1c99bb71\", \"lessThan\": \"76f85c307ef9f10aa2cef1b1d5ee654c1f3345fc\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6cffd79504ce040f460831030d3069fa1c99bb71\", \"lessThan\": \"46963e2e0629cb31c96b1d47ddd89dc3d8990b34\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/misc/fastrpc.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.1\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.1\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.4.180\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.101\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.24\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"5.16.10\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.16.*\"}, {\"status\": \"unaffected\", \"version\": \"5.17\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/misc/fastrpc.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/4e6fd2b5fcf8e7119305a6042bd92e7f2b9ed215\"}, {\"url\": \"https://git.kernel.org/stable/c/a5ce7ee5fcc07583159f54ab4af5164de00148f5\"}, {\"url\": \"https://git.kernel.org/stable/c/e4382d0a39f9a1e260d62fdc079ddae5293c037d\"}, {\"url\": \"https://git.kernel.org/stable/c/76f85c307ef9f10aa2cef1b1d5ee654c1f3345fc\"}, {\"url\": \"https://git.kernel.org/stable/c/46963e2e0629cb31c96b1d47ddd89dc3d8990b34\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmisc: fastrpc: avoid double fput() on failed usercopy\\n\\nIf the copy back to userland fails for the FASTRPC_IOCTL_ALLOC_DMA_BUFF\\nioctl(), we shouldn\u0027t assume that \u0027buf-\u003edmabuf\u0027 is still valid. In fact,\\ndma_buf_fd() called fd_install() before, i.e. \\\"consumed\\\" one reference,\\nleaving us with none.\\n\\nCalling dma_buf_put() will therefore put a reference we no longer own,\\nleading to a valid file descritor table entry for an already released\\n\u0027file\u0027 object which is a straight use-after-free.\\n\\nSimply avoid calling dma_buf_put() and rely on the process exit code to\\ndo the necessary cleanup, if needed, i.e. if the file descriptor is\\nstill valid.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.180\", \"versionStartIncluding\": \"5.1\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.101\", \"versionStartIncluding\": \"5.1\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.24\", \"versionStartIncluding\": \"5.1\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.16.10\", \"versionStartIncluding\": \"5.1\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.17\", \"versionStartIncluding\": \"5.1\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-05-11T18:47:47.442Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-48821\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-11T18:47:47.442Z\", \"dateReserved\": \"2024-07-16T11:38:08.901Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-07-16T11:44:07.965Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.