Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

Vulnerability IntelligenceCVE-2022-49385

CVE-2022-49385

HIGH7.8

driver: base: fix UAF when driver_attach failed

Published Feb 26, 2025

Modified 10 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

driver: base: fix UAF when driver_attach failed

When driver_attach(drv); failed, the driver_private will be freed. But it has been added to the bus, which caused a UAF.

To fix it, we need to delete it from the bus when failed.

References

WEB

https://git.kernel.org/stable/c/310862e574001a97ad02272bac0fd13f75f42a27

WEB

https://git.kernel.org/stable/c/5389101257828d1913d713d9a40acbe14f5961df

WEB

https://git.kernel.org/stable/c/5d709f58c743166fe1c6914b9de0ae8868600d9b

WEB

https://git.kernel.org/stable/c/823f24f2e329babd0330200d0b74882516fe57f4

WEB

https://git.kernel.org/stable/c/c059665c84feab46b7173d3a1bf36c2fb7f9df86

WEB

https://git.kernel.org/stable/c/cdf1a683a01583bca4b618dd16223cbd6e462e21

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2022-49385

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedFeb 26, 2025

ModifiedMay 4, 2025

CVE-2022-49385 | Mondoo Vulnerability Intelligence