CVE-2022-48695: scsi: mpt3sas: Fix use-after-free warning
First published: Fri May 03 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use-after-free warning Fix the following use-after-free warning which is observed during controller reset: refcount_t: underflow; use-after-free. WARNING: CPU: 23 PID: 5399 at lib/refcount.c:28 refcount_warn_saturate+0xa6/0xf0
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <4.9.328 | 4.9.328 |
| redhat/kernel | <4.14.293 | 4.14.293 |
| redhat/kernel | <4.19.258 | 4.19.258 |
| redhat/kernel | <5.4.213 | 5.4.213 |
| redhat/kernel | <5.10.143 | 5.10.143 |
| redhat/kernel | <5.15.68 | 5.15.68 |
| redhat/kernel | <5.19.9 | 5.19.9 |
| redhat/kernel | <6.0 | 6.0 |
| Linux Kernel | <4.9.328 | |
| Linux Kernel | >=4.10<4.14.293 | |
| Linux Kernel | >=4.15<4.19.258 | |
| Linux Kernel | >=4.20<5.4.213 | |
| Linux Kernel | >=5.5<5.10.143 | |
| Linux Kernel | >=5.11<5.15.168 | |
| Linux Kernel | >=5.16<5.19.9 | |
| Linux Kernel | =6.0-rc1 | |
| Linux Kernel | =6.0-rc2 | |
| Linux Kernel | =6.0-rc3 | |
| Linux Kernel | =6.0-rc4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/41acb064c4e013808bc7d5fc1b506fa449425b0b
- https://git.kernel.org/stable/c/5682c94644fde72f72bded6580c38189ffc856b5
- https://git.kernel.org/stable/c/6229fa494a5949be209bc73afbc5d0a749c2e3c7
- https://git.kernel.org/stable/c/82efb917eeb27454dc4c6fe26432fc8f6c75bc16
- https://git.kernel.org/stable/c/991df3dd5144f2e6b1c38b8d20ed3d4d21e20b34
- https://git.kernel.org/stable/c/b8fc9e91b931215110ba824d1a2983c5f60b6f82
- https://git.kernel.org/stable/c/d4959d09b76eb7a4146f5133962b88d3bddb63d6
- https://git.kernel.org/stable/c/ea10a652ad2ae2cf3eced6f632a5c98f26727057
- https://access.redhat.com/security/cve/CVE-2022-48695
- https://lore.kernel.org/linux-cve-announce/2024050348-CVE-2022-48695-8a9e@gregkh/T
- https://access.redhat.com/errata/RHSA-2024:9500
- https://bugzilla.redhat.com/show_bug.cgi?id=2278999
Frequently Asked Questions
What is the severity of CVE-2022-48695?
CVE-2022-48695 has been classified as a high-severity vulnerability due to the potential for a use-after-free condition.
How do I fix CVE-2022-48695?
To fix CVE-2022-48695, update your Linux kernel to one of the secure versions such as 4.9.328, 4.14.293, or higher.
What software is affected by CVE-2022-48695?
CVE-2022-48695 affects multiple versions of the Linux kernel, including various versions between 4.9 and 6.0.
What is a use-after-free vulnerability in CVE-2022-48695?
A use-after-free vulnerability like CVE-2022-48695 occurs when a program continues to use a pointer after the memory it references has been released.
What are the potential impacts of CVE-2022-48695?
The potential impacts of CVE-2022-48695 include system crashes, data corruption, and possible remote code execution if exploited.
- agent/title
- agent/weakness
- agent/first-publish-date
- agent/type
- agent/author
- agent/event
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-48695
- agent/last-modified-date
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.0-rc1
- version/linux kernel/6.0-rc2
- version/linux kernel/6.0-rc3
- version/linux kernel/6.0-rc4
- package-manager/redhat