First published: Mon Jan 24 2022(Updated: )
A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. References: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42933c8aa14be1caa9eda41f65cde8a3a95d3e39">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42933c8aa14be1caa9eda41f65cde8a3a95d3e39</a> <a href="https://lore.kernel.org/all/20220114075934.302464-1-gregkh@linuxfoundation.org/">https://lore.kernel.org/all/20220114075934.302464-1-gregkh@linuxfoundation.org/</a> <a href="https://bugzilla.suse.com/show_bug.cgi?id=1194516">https://bugzilla.suse.com/show_bug.cgi?id=1194516</a>
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <5.17 | 5.17 |
Linux Kernel | <=5.13.19 | |
Red Hat Enterprise Linux | =8.0 | |
Debian Linux | =9.0 | |
Debian Linux | =11.0 | |
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-0487 is classified as having a medium severity level due to its potential impact on system confidentiality.
To address CVE-2022-0487, users should upgrade to the latest kernel versions specified in the vulnerability advisory.
CVE-2022-0487 affects multiple versions of the Linux kernel, specifically those prior to 5.17 and several versions within the 5.x and 6.x series.
Yes, a local attacker with user privileges can exploit CVE-2022-0487 to potentially impact system confidentiality.
Yes, CVE-2022-0487 has been addressed in subsequent kernel updates, which include necessary patches to mitigate the vulnerability.