CVE-2022-28388
Description
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-2458.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-2148.html
Vendor advisory: alma — https://bugzilla.redhat.com/2176192
Vendor advisory: alma — https://bugzilla.redhat.com/2168246
Vendor advisory: alma — https://bugzilla.redhat.com/2165721
Vendor advisory: alma — https://bugzilla.redhat.com/2162120
Vendor advisory: alma — https://bugzilla.redhat.com/2160023
Vendor advisory: alma — https://bugzilla.redhat.com/2154235
Vendor advisory: alma — https://bugzilla.redhat.com/2154171
Vendor advisory: alma — https://bugzilla.redhat.com/2151270
Vendor advisory: alma — https://bugzilla.redhat.com/2150979
Vendor advisory: alma — https://bugzilla.redhat.com/2150960
Vendor advisory: alma — https://bugzilla.redhat.com/2150947
Vendor advisory: alma — https://bugzilla.redhat.com/2147364
Vendor advisory: alma — https://bugzilla.redhat.com/2144720
Vendor advisory: alma — https://bugzilla.redhat.com/2143943
Vendor advisory: alma — https://bugzilla.redhat.com/2143893
Vendor advisory: alma — https://bugzilla.redhat.com/2137979
Vendor advisory: alma — https://bugzilla.redhat.com/2134528
Vendor advisory: alma — https://bugzilla.redhat.com/2134517
Vendor advisory: alma — https://bugzilla.redhat.com/2134506
Vendor advisory: alma — https://bugzilla.redhat.com/2134451
Vendor advisory: alma — https://bugzilla.redhat.com/2134380
Vendor advisory: alma — https://bugzilla.redhat.com/2134377
Vendor advisory: alma — https://bugzilla.redhat.com/2133490
Vendor advisory: alma — https://bugzilla.redhat.com/2133483
Vendor advisory: alma — https://bugzilla.redhat.com/2130141
Vendor advisory: alma — https://bugzilla.redhat.com/2124788
Vendor advisory: alma — https://bugzilla.redhat.com/2123056
Vendor advisory: alma — https://bugzilla.redhat.com/2122228
Vendor advisory: alma — https://bugzilla.redhat.com/2114937
Vendor advisory: alma — https://bugzilla.redhat.com/2108691
Vendor advisory: alma — https://bugzilla.redhat.com/2107924
Vendor advisory: alma — https://bugzilla.redhat.com/2106830
Vendor advisory: alma — https://bugzilla.redhat.com/2090723
Vendor advisory: alma — https://bugzilla.redhat.com/2089701
Vendor advisory: alma — https://bugzilla.redhat.com/2078466
Vendor advisory: alma — https://bugzilla.redhat.com/2061703
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-7077.html
Vendor advisory: alma — https://bugzilla.redhat.com/2236982
Vendor advisory: alma — https://bugzilla.redhat.com/2225511
Vendor advisory: alma — https://bugzilla.redhat.com/2225201
Vendor advisory: alma — https://bugzilla.redhat.com/2225191
Vendor advisory: alma — https://bugzilla.redhat.com/2223949
Vendor advisory: alma — https://bugzilla.redhat.com/2221707
Vendor advisory: alma — https://bugzilla.redhat.com/2218943
Vendor advisory: alma — https://bugzilla.redhat.com/2218212
Vendor advisory: alma — https://bugzilla.redhat.com/2218195
Vendor advisory: alma — https://bugzilla.redhat.com/2215837
Vendor advisory: alma — https://bugzilla.redhat.com/2215836
Vendor advisory: alma — https://bugzilla.redhat.com/2215835
Vendor advisory: alma — https://bugzilla.redhat.com/2215502
Vendor advisory: alma — https://bugzilla.redhat.com/2214348
Vendor advisory: alma — https://bugzilla.redhat.com/2213802
Vendor advisory: alma — https://bugzilla.redhat.com/2213485
Vendor advisory: alma — https://bugzilla.redhat.com/2213199
Vendor advisory: alma — https://bugzilla.redhat.com/2213139
Vendor advisory: alma — https://bugzilla.redhat.com/2193219
Vendor advisory: alma — https://bugzilla.redhat.com/2193097
Vendor advisory: alma — https://bugzilla.redhat.com/2192671
Vendor advisory: alma — https://bugzilla.redhat.com/2192667
Vendor advisory: alma — https://bugzilla.redhat.com/2188468
Vendor advisory: alma — https://bugzilla.redhat.com/2187257
Vendor advisory: alma — https://bugzilla.redhat.com/2185945
Vendor advisory: alma — https://bugzilla.redhat.com/2184578
Vendor advisory: alma — https://bugzilla.redhat.com/2182443
Vendor advisory: alma — https://bugzilla.redhat.com/2181330
Vendor advisory: alma — https://bugzilla.redhat.com/2177389
Vendor advisory: alma — https://bugzilla.redhat.com/2177371
Vendor advisory: alma — https://bugzilla.redhat.com/2176140
Vendor advisory: alma — https://bugzilla.redhat.com/2175903
Vendor advisory: alma — https://bugzilla.redhat.com/2174400
Vendor advisory: alma — https://bugzilla.redhat.com/2173444
Vendor advisory: alma — https://bugzilla.redhat.com/2173434
Vendor advisory: alma — https://bugzilla.redhat.com/2173430
Vendor advisory: alma — https://bugzilla.redhat.com/2173403
Vendor advisory: alma — https://bugzilla.redhat.com/2168332
Vendor advisory: alma — https://bugzilla.redhat.com/2165926
Vendor advisory: alma — https://bugzilla.redhat.com/2165741
Vendor advisory: alma — https://bugzilla.redhat.com/2156322
Vendor advisory: alma — https://bugzilla.redhat.com/2151317
Vendor advisory: alma — https://bugzilla.redhat.com/2149024
Vendor advisory: alma — https://bugzilla.redhat.com/2148520
Vendor advisory: alma — https://bugzilla.redhat.com/2147356
Vendor advisory: alma — https://bugzilla.redhat.com/2139610
Vendor advisory: alma — https://bugzilla.redhat.com/2133455
Vendor advisory: alma — https://bugzilla.redhat.com/2133453
Vendor advisory: alma — https://bugzilla.redhat.com/2073091
Vendor advisory: alma — https://bugzilla.redhat.com/2024989
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:7077
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2022-28388
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2022-28388.html
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:2458
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:2148
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| arch | | fixed | 5.17.5.hardened1-1 |
| sles | | affected | |
| debian | bookworm | fixed | 5.17.3-1 |
| debian | bullseye | fixed | 5.10.113-1 |
| debian | forky | fixed | 5.17.3-1 |
| debian | sid | fixed | 5.17.3-1 |
| debian | trixie | fixed | 5.17.3-1 |