CVE-2022-0487 An use-after-free vulnerability was found in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. An local attacker with a user privilege may impact system Confidentiality.

CVE-2022-0487 An use-after-free vulnerability was found in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. An local attacker with a user privilege may impact system Confidentiality.

In the specific configuration of the fuzzer, the system was found to crash with a use-after-free condition. This could be exploited by a local attacker to crash the system.
RCE was found in the Linux kernel. An attacker could leverage this vulnerability to bypass kernel Address Space Layout Randomization (ASLR), and potentially run arbitrary code on the system. This vulnerability does not affect Ubuntu/Mint/Debian users who are running a supported version of Linux. It was found on Ubuntu 16.04. It could be exploited by tricking a victim into installing a malicious package. A attacker could leverage this vulnerability to run arbitrary code on the affected system. It was found on Debian 9. It could be exploited by tricking a victim into installing a malicious package. A attacker could leverage this vulnerability to run arbitrary code on the affected system. It was found on Red Hat Enterprise Linux 7.5. An attacker could leverage this vulnerability to run arbitrary code on the affected system. It was found on SUSE Linux Enterprise Server 12. It could be exploited by tricking a victim into installing a malicious package. A attacker could leverage this vulnerability to run arbitrary code on the affected system. It was found on Gentoo Linux. An attacker could leverage this vulnerability to run arbitrary code on the affected system. It was found on OpenSuSE. It could be exploited by tricking a victim into installing a malicious package

Impact

"This vulnerability does not affect Ubuntu/Mint/Debian users who are running a supported version of Linux."
A remote attacker could exploit this vulnerability to execute arbitrary code on the affected system.

Vulnerability details

An issue was found in the Linux kernel on Ubuntu 16.04. A vulnerability could allow a local attacker to bypass kernel Address Space Layout Randomization (ASLR) and potentially run arbitrary code on the system.
A vulnerability was found in Red Hat Enterprise Linux 7.5. A vulnerability could allow a local attacker to bypass kernel Address Space Layout Randomization (ASLR) and potentially run arbitrary code on the system.
A vulnerability was found in the Linux kernel on Debian 9. A vulnerability could allow a local attacker to bypass kernel Address Space Layout Randomization (ASLR) and potentially run arbitrary code on the system.
A vulnerability was found in SUSE Linux Enterprise Server 12. A vulnerability could allow a local attacker to bypass kernel Address Space Layout Randomization (ASLR) and potentially run arbitrary code on the system.
A vulnerability was found in Gentoo Linux. A vulnerability could allow a local attacker to bypass kernel Address Space Layout Randomization (ASLR) and potentially run arbitrary code on the system.
A vulnerability was found in OpenSuSE 12-SP1 build 151010-1121, it can be exploited by tricking a victim into installing a malicious package, which has been reported as CVE-2022-0487

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe