CVE-2022-3424

CVSS v3.1 7.8 (High)

EPSS 0.04 % (5^th)

Affected Products 2

Advisories 55

A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2023-03-06 23:15:10
(18 months ago)
Updated Date: 2023-11-07 03:51:13
(10 months ago)

Affected Products

Linux

Linux Kernel

Redhat

Enterprise Linux

Configuration #1

	CPE23	From	Up To
Linux Kernel from 2.6.33 version and prior 4.9.337 version	cpe:2.3:o:linux:linux_kernel	>= 2.6.33	< 4.9.337
Linux Kernel from 4.10 version and prior 4.14.303 version	cpe:2.3:o:linux:linux_kernel	>= 4.10	< 4.14.303
Linux Kernel from 4.15 version and prior 4.19.270 version	cpe:2.3:o:linux:linux_kernel	>= 4.15	< 4.19.270
Linux Kernel from 4.20 version and prior 5.4.229 version	cpe:2.3:o:linux:linux_kernel	>= 4.20	< 5.4.229
Linux Kernel from 5.5 version and prior 5.10.163 version	cpe:2.3:o:linux:linux_kernel	>= 5.5	< 5.10.163
Linux Kernel from 5.11 version and prior 5.15.86 version	cpe:2.3:o:linux:linux_kernel	>= 5.11	< 5.15.86
Linux Kernel from 5.16 version and prior 6.0.16 version	cpe:2.3:o:linux:linux_kernel	>= 5.16	< 6.0.16
Linux Kernel from 6.1 version and prior 6.1.2 version	cpe:2.3:o:linux:linux_kernel	>= 6.1	< 6.1.2

Configuration #2

		CPE23	From	Up To
	Redhat Enterprise Linux 9.0	cpe:2.3:o:redhat:enterprise_linux:9.0