First published: Wed Aug 31 2022
A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and deletion. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | =5.18-rc6 | |
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 | |
CVE-2022-1974 is considered a medium severity vulnerability due to its potential for information leakage.
To mitigate CVE-2022-1974, updated versions of affected Linux kernel packages such as 5.10.223-1 or 6.1.123-1 should be installed.
CVE-2022-1974 affects Linux kernel versions prior to the patched updates; exploitation requires a local attacker with CAP_NET_ADMIN privilege.
CVE-2022-1974 is classified as a use-after-free vulnerability caused by a race condition in the NFC core functionality.
CVE-2022-1974 requires local access for exploitation, making it a local privilege escalation vulnerability.