CVE-2022-48754

HIGH Year: 2022
CVSS v3 Score
8.4
High
Weakness Type
CWE-416
View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: phylib: fix potential use-after-free Commit bafbdd527d56 ("phylib: Add device reset GPIO support") added call to phy_device_reset(phydev) after the put_device() call in phy_detach(). The comment before the put_device() call says that the phydev might go away with put_device(). Fix potential use-after-free by calling phy_device_reset() before put_device().

Related Vulnerabilities

CVE-2018-5891

HIGH
CVSS:8.4(High)

While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available. Consequently, the DPL thread frees the internal memory for dataDHand...

CWE-4162018

CVE-2018-9428

HIGH
CVSS:8.4(High)

In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges...

CWE-4162018

CVE-2021-46973

HIGH
CVSS:8.4(High)

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Avoid potential use after free in MHI send It is possible that the MHI ul_callback will be invoked immediately following ...

CWE-4162021

CVE-2021-47232

HIGH
CVSS:8.4(High)

In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix Use-after-Free, hold skb ref while in use This patch fixes a Use-after-Free found by the syzbot. The problem is that...

CWE-4162021

CVE-2021-47456

HIGH
CVSS:8.4(High)

In the Linux kernel, the following vulnerability has been resolved: can: peak_pci: peak_pci_remove(): fix UAF When remove the module peek_pci, referencing 'chan' again after releasing 'dev' will cause...

CWE-4162021