CVE-2022-28390
Description
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Description kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c CVSS v3: 7.0 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8kernel-rt-0:4.18.0-425.3.1.rt7.213.el8RHSA-2022:74442022-11-08T00:00:00Z Red Hat Enterprise Linux 8kernel-0:4.18.0-425.3.1.el8RHSA-2022:76832022-11-08T00:00:00Z Red Hat…
Description
kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c
CVSS v3: 7.0 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | kernel-rt-0:4.18.0-425.3.1.rt7.213.el8 | RHSA-2022:7444 | 2022-11-08T00:00:00Z |
| Red Hat Enterprise Linux 8 | kernel-0:4.18.0-425.3.1.el8 | RHSA-2022:7683 | 2022-11-08T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Extended Update Support | kernel-0:4.18.0-372.91.1.el8_6 | RHSA-2024:0724 | 2024-02-07T00:00:00Z |
| Red Hat Enterprise Linux 9 | kernel-0:5.14.0-162.6.1.el9_1 | RHSA-2022:8267 | 2022-11-15T00:00:00Z |
| Red Hat Enterprise Linux 9 | kernel-rt-0:5.14.0-162.6.1.rt21.168.el9_1 | RHSA-2022:7933 | 2022-11-15T00:00:00Z |
| Red Hat Enterprise Linux 9 | kernel-0:5.14.0-162.6.1.el9_1 | RHSA-2022:8267 | 2022-11-15T00:00:00Z |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | kernel-0:4.18.0-372.91.1.el8_6 | RHSA-2024:0724 | 2024-02-07T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Affected |
| Red Hat Enterprise Linux 7 | kernel | Will not fix |
| Red Hat Enterprise Linux 7 | kernel-rt | Will not fix |
Apply commands
yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rtAffected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 6 | Affected |
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| almalinux | 9 | fixed | kernel-rt-debug-core-5.14.0-162.6.1.rt21.168.el9_1.x86_64.rpm |
| arch | fixed | 5.17.5.hardened1-1 | |
| rocky | 8 | fixed | |
| sles | affected | | |
| debian | bookworm | fixed | 5.17.3-1 |
| debian | bullseye | fixed | 5.10.113-1 |
| debian | forky | fixed | 5.17.3-1 |
| debian | sid | fixed | 5.17.3-1 |
| debian | trixie | fixed | 5.17.3-1 |
| almalinux | 8 | fixed | kernel-doc-4.18.0-425.3.1.el8.noarch.rpm |
References
- https://access.redhat.com/errata/RHSA-2022:7933
- https://bugzilla.redhat.com/1980646
- https://bugzilla.redhat.com/2037386
- https://bugzilla.redhat.com/2051444
- https://bugzilla.redhat.com/2052312
- https://bugzilla.redhat.com/2053632
- https://bugzilla.redhat.com/2058395
- https://bugzilla.redhat.com/2059928
- https://bugzilla.redhat.com/2066614
- https://bugzilla.redhat.com/2066706
- https://bugzilla.redhat.com/2066819
- https://bugzilla.redhat.com/2070205
- https://bugzilla.redhat.com/2071022
- https://bugzilla.redhat.com/2073064
- https://bugzilla.redhat.com/2074208
- https://bugzilla.redhat.com/2084125
- https://bugzilla.redhat.com/2084183
- https://bugzilla.redhat.com/2084479
- https://bugzilla.redhat.com/2088021
- https://bugzilla.redhat.com/2089815
- https://bugzilla.redhat.com/2090226
- https://bugzilla.redhat.com/2090237
- https://bugzilla.redhat.com/2090240
- https://bugzilla.redhat.com/2090241
- https://bugzilla.redhat.com/2103148
💬 Discuss CVE-2022-28390 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.