Use-After-Free

2022-10-1210:56:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

linux

kernel

use-after-free

vulnerability

rose_timer

software

0.0004 Low

EPSS

Percentile

5.1%

JSON

linux is vulnerable to use-after-free. The vulnerability exists in the timer handler in net/rose/rose_timer.c which allows attackers to crash linux kernel without any privileges.

CPENameOperatorVersion
linux-gke:focaleq5.4.0.1029.37
linux-gke:focaleq5.4.0.1009.9
linux-gke:focaleq5.4.0.1030.38
linux-gke:focaleq5.4.0.1024.21
linux-gke:focaleq5.4.0.1021.19
linux-gke:focaleq5.4.0.1025.22
linux-oracle:focaleq5.4.0.1030.27
linux-oracle:focaleq5.4.0.1009.9
linux-oracle:focaleq5.4.0.1029.26
linux-oracle:focaleq5.4.0.1024.21

Name	Operator	Version
linux-gke:focal	eq	5.4.0.1029.37
linux-gke:focal	eq	5.4.0.1009.9
linux-gke:focal	eq	5.4.0.1030.38
linux-gke:focal	eq	5.4.0.1024.21
linux-gke:focal	eq	5.4.0.1021.19
linux-gke:focal	eq	5.4.0.1025.22
linux-oracle:focal	eq	5.4.0.1030.27
linux-oracle:focal	eq	5.4.0.1009.9
linux-oracle:focal	eq	5.4.0.1029.26
linux-oracle:focal	eq	5.4.0.1024.21