SB20251226162 - Use-after-free in Linux kernel 802

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2022-50697)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mrp_join_timer(), mrp_periodic_timer(), mrp_init_applicant() and mrp_uninit_applicant() functions in net/802/mrp.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/1a185fe83c2a60c1e3596fb9d82dbeb148dc09c6
• https://git.kernel.org/stable/c/563e45fd5046045cc194af3ba17f5423e1c98170
• https://git.kernel.org/stable/c/5d5a481a7fd0234f617535dc464ea010804a1129
• https://git.kernel.org/stable/c/755eb0879224ffc2a43de724554aeaf0e51e5a64
• https://git.kernel.org/stable/c/78d48bc41f7726113c9f114268d3ab11212814da
• https://git.kernel.org/stable/c/98f53e591940e4c3818be358c5dc684d5b30cb56
• https://git.kernel.org/stable/c/aacffc1a8dbf67c5463cb4f67b37143c01ca6fa9
• https://git.kernel.org/stable/c/aadb1507a77b060c529edfeaf67f803e31461f24
• https://git.kernel.org/stable/c/ab0377803dafc58f1e22296708c1c28e309414d6
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.303
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.270
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.337
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.163
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.86
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.229
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.16
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.2
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2