Linux Kernel BPF fs/nilfs2/inode.c nilfs_new_inode use after free
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode
of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. Using CWE to declare the problem leads to CWE-416. The weakness was disclosed 10/21/2022 as DLA 3173-1. The advisory is shared for download at git.kernel.org.
This vulnerability is traded as CVE-2022-3649. It is possible to launch the attack remotely. Technical details are available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment.
It is declared as not defined. As 0-day the estimated underground price was around $5k-$25k.
The bugfix is ready for download at git.kernel.org. It is recommended to apply a patch to fix this issue. A possible mitigation has been published even before and not after the disclosure of the vulnerability.