Description

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.

Related CPE's

o

linux

linux_kernel

Vulnerable

o

netapp

h300s_firmware

-

Vulnerable

h

netapp

h300s

-

o

netapp

h500s_firmware

-

Vulnerable

h

netapp

h500s

-

o

netapp

h700s_firmware

-

Vulnerable

h

netapp

h700s

-

o

netapp

h410s_firmware

-

Vulnerable

h

netapp

h410s

-

o

netapp

h410c_firmware

-

Vulnerable

h

netapp

h410c

-

References

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3

https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/

https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/

https://security.netapp.com/advisory/ntap-20230113-0006/

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-362CWE-416

CVSS impact metrics

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-11-25T04:15:09.180

2 years ago

Last modified

2024-03-25T01:15:52.840

1 year ago