CVE-2022-3977

HIGH Year: 2022
CVSS v3 Score
7.8
High
Weakness Type
CWE-416
View all →

Vulnerability Description

A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on the system.

Related Vulnerabilities

CVE-2009-0749

HIGH
CVSS:7.8(High)

Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (applicatio...

CWE-4162009

CVE-2009-4324

HIGH
CVSS:7.8(High)

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to exec...

CWE-4162009

CVE-2013-2830

HIGH
CVSS:7.8(High)

Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 allows remote attackers to execute arbitrary code via a crafted PDF file.

CWE-4162013

CVE-2014-9926

HIGH
CVSS:7.8(High)

In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.

CWE-4162014

CVE-2014-9930

HIGH
CVSS:7.8(High)

In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.

CWE-4162014

CVE-2014-9946

HIGH
CVSS:7.8(High)

In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.

CWE-4162014