CVE-2022-3424

A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Published: Mar 7, 2023
Updated: Apr 14, 2023
CVE: CVE-2022-3424
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
redhat / enterprise_linux	9.0	9.0.x
linux / linux_kernel	4.10	4.14.303
linux / linux_kernel	4.15	4.19.270
linux / linux_kernel	4.20	5.4.229
linux / linux_kernel	5.16	6.0.16
linux / linux_kernel	6.1	6.1.2
linux / linux_kernel	2.6.33	4.9.337
linux / linux_kernel	5.5	5.10.163
linux / linux_kernel	5.11	5.15.86

https://bugzilla.redhat.com/show_bug.cgi?id=2132640
https://github.com/torvalds/linux/commit/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
https://lore.kernel.org/all/[email protected]/
https://lore.kernel.org/all/20221019031445.901570-1-zyytlz.wz%40163.com/
https://security.netapp.com/advisory/ntap-20230406-0005/
https://www.spinics.net/lists/kernel/msg4518970.html

Vulnerability Database

291,049

CVE-2022-3424