CVE-2022-3707: Double Free
First published: Fri Oct 07 2022(Updated: )
A deouble-free flaw in the Linux Kernel Intel GVT-g graphics driver found. The problem happens when some system resource on high cost. One way to trigger is to make dma high load. When it gets into the situation when function intel_gvt_dma_map_guest_page failed, the flaw being triggered. Reference: <a href="https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz@163.com/">https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz@163.com/</a>
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-477.10.1.rt7.274.el8_8 | 0:4.18.0-477.10.1.rt7.274.el8_8 |
| redhat/kernel | <0:4.18.0-477.10.1.el8_8 | 0:4.18.0-477.10.1.el8_8 |
| redhat/kernel | <0:5.14.0-284.11.1.el9_2 | 0:5.14.0-284.11.1.el9_2 |
| redhat/kernel-rt | <0:5.14.0-284.11.1.rt14.296.el9_2 | 0:5.14.0-284.11.1.rt14.296.el9_2 |
| Linux Linux kernel | <6.1 | |
| Linux Linux kernel | =6.1 | |
| Linux Linux kernel | =6.1-rc1 | |
| Linux Linux kernel | =6.1-rc2 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 | |
| redhat/Linux kernel | <6.1 | 6.1 |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.6-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2022-3707 https://nvd.nist.gov/vuln/detail/CVE-2022-3707 https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz@163.com/
- https://bugzilla.redhat.com/show_bug.cgi?id=2137979
- https://access.redhat.com/errata/RHSA-2023:2736
- https://access.redhat.com/errata/RHSA-2023:2951
- https://access.redhat.com/errata/RHSA-2023:2458
- https://access.redhat.com/errata/RHSA-2023:2148
- https://access.redhat.com/security/cve/cve-2022-3707
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
- https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz@163.com/
- https://launchpad.net/bugs/cve/CVE-2022-3707
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2138001
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2134596
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb84f2e119accfc65d5fa6ebe31751cdc3bca9fb
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2134591
- https://access.redhat.com/errata/RHSA-2024:0724
- https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz%40163.com/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3707
- https://nvd.nist.gov/vuln/detail/CVE-2022-3707
- https://security-tracker.debian.org/tracker/CVE-2022-3707
- https://ubuntu.com/security/CVE-2022-3707
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-3707
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- collector/nvd-cve
- source/NVD
- collector/security-tracker-debian
- source/Debian
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- agent/trending
- package-manager/redhat
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/6.1
- version/linux linux kernel/6.1-rc1
- version/linux linux kernel/6.1-rc2
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/9.0
- package-manager/debian