CVE-2022-4382

low-risk
Published 2023-01-10

A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.4/10 Medium
PHYSICAL / HIGH complexity

Affected Products (1)

Affected Vendors

Linux

References (2)

Exploit https://www.openwall.com/lists/oss-security/2022/12/14/5
Exploit https://www.openwall.com/lists/oss-security/2022/12/14/5
22
/ 100
low-risk
Severity 17/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal