CVE-2022-3707: Double Free
First published: Fri Oct 07 2022(Updated: )
A deouble-free flaw in the Linux Kernel Intel GVT-g graphics driver found. The problem happens when some system resource on high cost. One way to trigger is to make dma high load. When it gets into the situation when function intel_gvt_dma_map_guest_page failed, the flaw being triggered. Reference: <a href="https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz@163.com/">https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz@163.com/</a>
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-477.10.1.rt7.274.el8_8 | 0:4.18.0-477.10.1.rt7.274.el8_8 |
| redhat/kernel | <0:4.18.0-477.10.1.el8_8 | 0:4.18.0-477.10.1.el8_8 |
| redhat/kernel | <0:5.14.0-284.11.1.el9_2 | 0:5.14.0-284.11.1.el9_2 |
| redhat/kernel-rt | <0:5.14.0-284.11.1.rt14.296.el9_2 | 0:5.14.0-284.11.1.rt14.296.el9_2 |
| redhat/Linux kernel | <6.1 | 6.1 |
| Linux Kernel | <6.1 | |
| Linux Kernel | =6.1 | |
| Linux Kernel | =6.1-rc1 | |
| Linux Kernel | =6.1-rc2 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux | =9.0 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.10-1 6.12.11-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2022-3707 https://nvd.nist.gov/vuln/detail/CVE-2022-3707 https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz@163.com/
- https://bugzilla.redhat.com/show_bug.cgi?id=2137979
- https://access.redhat.com/errata/RHSA-2023:2736
- https://access.redhat.com/errata/RHSA-2023:2951
- https://access.redhat.com/errata/RHSA-2023:2458
- https://access.redhat.com/errata/RHSA-2023:2148
- https://access.redhat.com/security/cve/cve-2022-3707
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
- https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz@163.com/
- https://launchpad.net/bugs/cve/CVE-2022-3707
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2138001
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2134596
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb84f2e119accfc65d5fa6ebe31751cdc3bca9fb
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2134591
- https://access.redhat.com/errata/RHSA-2024:0724
- https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz%40163.com/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3707
- https://nvd.nist.gov/vuln/detail/CVE-2022-3707
- https://security-tracker.debian.org/tracker/CVE-2022-3707
- https://ubuntu.com/security/CVE-2022-3707
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-3707
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/description
- agent/event
- agent/trending
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.1
- version/linux kernel/6.1-rc1
- version/linux kernel/6.1-rc2
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- version/red hat enterprise linux/9.0
- package-manager/debian