CVE-2022-28390: Double Free

First published: Sun Apr 03 2022(Updated: )

A double-free flaw was found in the Linux kernel in the ems_usb_start_xmit function. This flaw allows an attacker to create a memory leak and corrupt the underlying data structure by calling free more than once.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/kernel-rt	<0:4.18.0-425.3.1.rt7.213.el8	0:4.18.0-425.3.1.rt7.213.el8
redhat/kernel	<0:4.18.0-425.3.1.el8	0:4.18.0-425.3.1.el8
redhat/kernel	<0:5.14.0-162.6.1.el9_1	0:5.14.0-162.6.1.el9_1
redhat/kernel-rt	<0:5.14.0-162.6.1.rt21.168.el9_1	0:5.14.0-162.6.1.rt21.168.el9_1
Linux Linux kernel	<=5.17.1
Fedoraproject Fedora	=34
Fedoraproject Fedora	=35
Fedoraproject Fedora	=36
Debian Debian Linux	=9.0
Debian Debian Linux	=10.0
Debian Debian Linux	=11.0
Netapp Hci Baseboard Management Controller	=h300e
Netapp Hci Baseboard Management Controller	=h300s
Netapp Hci Baseboard Management Controller	=h410c
Netapp Hci Baseboard Management Controller	=h410s
Netapp Hci Baseboard Management Controller	=h500e
Netapp Hci Baseboard Management Controller	=h500s
Netapp Hci Baseboard Management Controller	=h700e
Netapp Hci Baseboard Management Controller	=h700s
redhat/Linux v	<5.18	5.18
debian/linux		5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.5-1 6.12.6-1

Remedy

https://github.com/torvalds/linux/commit/c70222752228a62135cee3409dccefd494a24646

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

collector/redhat-cve
collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/author
agent/remedy
agent/severity
agent/description
agent/weakness
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-28390
agent/software-canonical-lookup
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/softwarecombine
agent/tags
collector/usn-cve
source/Ubuntu
collector/nvd-cve
source/NVD
collector/security-tracker-debian
source/Debian
agent/trending
package-manager/redhat
vendor/linux
canonical/linux linux kernel
version/linux linux kernel/5.17.1
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/34
version/fedoraproject fedora/35
version/fedoraproject fedora/36
vendor/debian
canonical/debian debian linux
version/debian debian linux/9.0
version/debian debian linux/10.0
version/debian debian linux/11.0
vendor/netapp
canonical/netapp hci baseboard management controller
version/netapp hci baseboard management controller/h300e
version/netapp hci baseboard management controller/h300s
version/netapp hci baseboard management controller/h410c
version/netapp hci baseboard management controller/h410s
version/netapp hci baseboard management controller/h500e
version/netapp hci baseboard management controller/h500s
version/netapp hci baseboard management controller/h700e
version/netapp hci baseboard management controller/h700s
package-manager/debian

CVE-2022-28390: Double Free

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Company

Resources

Contact