CVE-2022-0487

 

Published at: - 05-02-2022 12:15

Last modified: - 26-10-2022 01:44

Total changes: - 6

Description

A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

 

Verification logic

 

Reference

• https://bugzilla.redhat.com/show_bug.cgi?id=2044561
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42933c8aa14be1caa9eda41f65cde8a3a95d3e39
• [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update-Mailing List, Third Party Advisory
• [debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update-Mailing List, Third Party Advisory
• DSA-5096-Third Party Advisory
• DSA-5095-Third Party Advisory

 

Keywords

NVD

 

CVE-2022-0487

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures