CVE-2022-48670

{"id": "CVE-2022-48670", "metrics": {}, "published": "2024-05-03T15:15:07.377", "references": [{"url": "https://git.kernel.org/stable/c/1c11289b34ab67ed080bbe0f1855c4938362d9cf", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c87f1f99e26ea4ae08cabe753ae98e5626bdba89", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npeci: cpu: Fix use-after-free in adev_release()\n\nWhen auxiliary_device_add() returns an error, auxiliary_device_uninit()\nis called, which causes refcount for device to be decremented and\n.release callback will be triggered.\n\nBecause adev_release() re-calls auxiliary_device_uninit(), it will cause\nuse-after-free:\n[ 1269.455172] WARNING: CPU: 0 PID: 14267 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15\n[ 1269.464007] refcount_t: underflow; use-after-free."}], "lastModified": "2024-05-03T15:32:19.637", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}