- CVE-2022-48733
- Suggested Configuration
- OR
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.226
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.22
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16.0 up to (excluding) 5.16.8
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.17.0 up to (excluding) 5.17
- Reference
- https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.226
- https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.22
- https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.16.8
- https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.17
- Reference (Commit)
- btrfs: fix use-after-free after failure to create a snapshot
- Fixed by
- 5.10.226 (7e4c72dbaf62f8978af8321a24dbd35566d3a78a)
- 5.15.22 (a7b717fa15165d3d9245614680bebc48a52ac05d)
- 5.16.8 (9372fa1d73da5f1673921e365d0cd2c27ec7adc2)
- 5.17 (28b21c558a3753171097193b6f6602a94169093a) (upstream)
- Will be introduced by
- https://github.com/torvalds/linux/commit/3063d29f2a4d
- I Checked
- XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
- From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
- For 3.16.35, there is related post at lkml
- For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
- XXXX
[CVE Configuration Update Request] Update Suggestion - CVE-2022-48733 - Cvss3 : 7.8
https://www.linuxkernelcves.com/cves/CVE-2022-48733 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2022-48733.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2022-48733.json