What is the severity of CVE-2022-48697?

CVE-2022-48697 is classified as a high severity vulnerability due to its potential to cause a use-after-free condition.

How do I fix CVE-2022-48697?

To fix CVE-2022-48697, you should update the Linux kernel to the latest version that patches this vulnerability.

What systems are affected by CVE-2022-48697?

CVE-2022-48697 affects several versions of the Linux kernel, including versions from 4.8 to 6.0-rc4.

What type of vulnerability is CVE-2022-48697?

CVE-2022-48697 is a use-after-free vulnerability found in the Linux kernel.

What are the potential impacts of CVE-2022-48697?

The potential impacts of CVE-2022-48697 include crashes, system instability, or the possibility of remote code execution.

Vulnerability/
CVE-2022-48697

medium

5.3

CWE

416

3/5/2024

8/4/2025

CVE-2022-48697: nvmet: fix a use-after-free

First published: Fri May 03 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a use-after-free Fix the following use-after-free complaint triggered by blktests nvme/004: BUG: KASAN: user-memory-access in blk_mq_complete_request_remote+0xac/0x350 Read of size 4 at addr 0000607bd1835943 by task kworker/13:1/460 Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop] Call Trace: show_stack+0x52/0x58 dump_stack_lvl+0x49/0x5e print_report.cold+0x36/0x1e2 kasan_report+0xb9/0xf0 __asan_load4+0x6b/0x80 blk_mq_complete_request_remote+0xac/0x350 nvme_loop_queue_response+0x1df/0x275 [nvme_loop] __nvmet_req_complete+0x132/0x4f0 [nvmet] nvmet_req_complete+0x15/0x40 [nvmet] nvmet_execute_io_connect+0x18a/0x1f0 [nvmet] nvme_loop_execute_work+0x20/0x30 [nvme_loop] process_one_work+0x56e/0xa70 worker_thread+0x2d1/0x640 kthread+0x183/0x1c0 ret_from_fork+0x1f/0x30

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Red Hat Kernel-devel
Linux Kernel	>=4.8<4.19.260
Linux Kernel	>=4.20<5.4.213
Linux Kernel	>=5.5<5.10.143
Linux Kernel	>=5.11<5.15.68
Linux Kernel	>=5.16<5.19.9
Linux Kernel	=6.0-rc1
Linux Kernel	=6.0-rc2
Linux Kernel	=6.0-rc3
Linux Kernel	=6.0-rc4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-48697?
CVE-2022-48697 is classified as a high severity vulnerability due to its potential to cause a use-after-free condition.
How do I fix CVE-2022-48697?
To fix CVE-2022-48697, you should update the Linux kernel to the latest version that patches this vulnerability.
What systems are affected by CVE-2022-48697?
CVE-2022-48697 affects several versions of the Linux kernel, including versions from 4.8 to 6.0-rc4.
What type of vulnerability is CVE-2022-48697?
CVE-2022-48697 is a use-after-free vulnerability found in the Linux kernel.
What are the potential impacts of CVE-2022-48697?
The potential impacts of CVE-2022-48697 include crashes, system instability, or the possibility of remote code execution.

agent/references
agent/title
agent/weakness
agent/type
agent/description
agent/first-publish-date
agent/author
agent/severity
agent/event
collector/mitre-cve
source/MITRE
agent/source
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/tags
vendor/linux
canonical/red hat kernel-devel
canonical/linux kernel
version/linux kernel/4.8
version/linux kernel/4.20
version/linux kernel/5.5
version/linux kernel/5.11
version/linux kernel/5.16
version/linux kernel/6.0-rc1
version/linux kernel/6.0-rc2
version/linux kernel/6.0-rc3
version/linux kernel/6.0-rc4

Frequently Asked Questions

What is the severity of CVE-2022-48697?
CVE-2022-48697 is classified as a high severity vulnerability due to its potential to cause a use-after-free condition.
How do I fix CVE-2022-48697?
To fix CVE-2022-48697, you should update the Linux kernel to the latest version that patches this vulnerability.
What systems are affected by CVE-2022-48697?
CVE-2022-48697 affects several versions of the Linux kernel, including versions from 4.8 to 6.0-rc4.
What type of vulnerability is CVE-2022-48697?
CVE-2022-48697 is a use-after-free vulnerability found in the Linux kernel.
What are the potential impacts of CVE-2022-48697?
The potential impacts of CVE-2022-48697 include crashes, system instability, or the possibility of remote code execution.

CVE-2022-48697: nvmet: fix a use-after-free

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-48697?

How do I fix CVE-2022-48697?

What systems are affected by CVE-2022-48697?

What type of vulnerability is CVE-2022-48697?

What are the potential impacts of CVE-2022-48697?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2022-48697?

How do I fix CVE-2022-48697?

What systems are affected by CVE-2022-48697?

What type of vulnerability is CVE-2022-48697?

What are the potential impacts of CVE-2022-48697?