CVE-2022-0646 in Linuxinfo

Summary

by MITRE • 02/18/2022

A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservation

02/16/2022

Disclosure

02/18/2022

Moderation

accepted

Entry

VDB-193341

CPE

ready

CWE

CWE-459 (confirmed)

CVSS

8.8 (VulDB)

EPSS

0.00110

KEV

Activities

very low

Sector

Chemical, Government, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2022-0646
NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-0646
CVE Details	https://www.cvedetails.com/cve/CVE-2022-0646/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!