Vulnerability Database
296,857
Total vulnerabilities in the database
CVE-2022-49258
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccree - Fix use after free in cc_cipher_exit()
kfree_sensitive(ctx_p->user.key) will free the ctx_p->user.key. But ctx_p->user.key is still used in the next line, which will lead to a use after free.
We can call kfree_sensitive() after dev_dbg() to avoid the uaf.
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 5.11 | 5.15.33 |
| linux / linux_kernel | 5.17 | 5.17.2 |
| linux / linux_kernel | 5.16 | 5.16.19 |
| linux / linux_kernel | 4.17 | 5.10.110 |
- https://git.kernel.org/stable/c/25c358efee5153dfd240d4e0d3169d5bebe9cacd
- https://git.kernel.org/stable/c/335bf1fc74f775a8255257aa3e33763f2257b676
- https://git.kernel.org/stable/c/3d950c34074ed74d2713c3856ba01264523289e6
- https://git.kernel.org/stable/c/c93017c8d5ebf55a4e453ac7c84cc84cf92ab570
- https://git.kernel.org/stable/c/cffb5382bd8d3cf21b874ab5b84bf7618932286b
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime