CVE-2022-48981: drm/shmem-helper: Remove errant put in error path
First published: Mon Oct 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Remove errant put in error path drm_gem_shmem_mmap() doesn't own this reference, resulting in the GEM object getting prematurely freed leading to a later use-after-free.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=5.2<5.4.227 | |
| Linux Kernel | >=5.5<5.10.159 | |
| Linux Kernel | >=5.11<5.15.83 | |
| Linux Kernel | >=5.16<6.0.13 | |
| Linux Kernel | =6.1-rc1 | |
| Linux Kernel | =6.1-rc2 | |
| Linux Kernel | =6.1-rc3 | |
| Linux Kernel | =6.1-rc4 | |
| Linux Kernel | =6.1-rc5 | |
| Linux Kernel | =6.1-rc6 | |
| Linux Kernel | =6.1-rc7 | |
| Linux Kernel | =6.1-rc8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/585a07b820059462e0c93b76c7de2cd946b26b40
- https://git.kernel.org/stable/c/6a4da05acd062ae7774b6b19cef2b7d922902d36
- https://git.kernel.org/stable/c/83e3da8bb92fcfa7a1d232cf55f9e6c49bb84942
- https://git.kernel.org/stable/c/586847b98e20ab02212ca5c1fc46680384e68a28
- https://git.kernel.org/stable/c/24013314be6ee4ee456114a671e9fa3461323de8
Frequently Asked Questions
What is the severity of CVE-2022-48981?
CVE-2022-48981 is classified as a medium severity vulnerability affecting the Linux kernel.
How do I fix CVE-2022-48981?
To fix CVE-2022-48981, update your Linux kernel to a version that includes the relevant patches, specifically any version newer than those listed in the affected products.
What systems are vulnerable to CVE-2022-48981?
CVE-2022-48981 affects multiple versions of the Linux kernel, specifically those between versions 5.2 and 6.1-rc8.
What type of vulnerability is CVE-2022-48981?
CVE-2022-48981 is a use-after-free vulnerability caused by improper reference management within the Linux kernel.
What are the potential impacts of CVE-2022-48981?
Exploitation of CVE-2022-48981 may lead to crashes or execution of arbitrary code, posing a risk to system integrity and security.
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- agent/remedy
- agent/softwarecombine
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.2
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.1-rc1
- version/linux kernel/6.1-rc2
- version/linux kernel/6.1-rc3
- version/linux kernel/6.1-rc4
- version/linux kernel/6.1-rc5
- version/linux kernel/6.1-rc6
- version/linux kernel/6.1-rc7
- version/linux kernel/6.1-rc8