CVE-2022-44033

low-risk

Published 2022-10-30

An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().

Do I need to act?

-

0.04% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

6

CVSS 6.4/10 Medium

PHYSICAL / HIGH complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (6)

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f...

https://lore.kernel.org/lkml/20220915020834.GA110086%40ubuntu/

https://lore.kernel.org/lkml/20220919040457.GA302681%40ubuntu/

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f...

https://lore.kernel.org/lkml/20220915020834.GA110086%40ubuntu/

https://lore.kernel.org/lkml/20220919040457.GA302681%40ubuntu/

22

/ 100

low-risk

Severity 17/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal