{"id":"CVE-2022-48872","summary":"misc: fastrpc: Fix use-after-free race condition for maps","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix use-after-free race condition for maps\n\nIt is possible that in between calling fastrpc_map_get() until\nmap-\u003efl-\u003elock is taken in fastrpc_free_map(), another thread can call\nfastrpc_map_lookup() and get a reference to a map that is about to be\ndeleted.\n\nRewrite fastrpc_map_get() to only increase the reference count of a map\nif it's non-zero. Propagate this to callers so they can know if a map is\nabout to be deleted.\n\nFixes this warning:\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 5 PID: 10100 at lib/refcount.c:25 refcount_warn_saturate\n...\nCall trace:\n refcount_warn_saturate\n [fastrpc_map_get inlined]\n [fastrpc_map_lookup inlined]\n fastrpc_map_create\n fastrpc_internal_invoke\n fastrpc_device_ioctl\n __arm64_sys_ioctl\n invoke_syscall","modified":"2026-04-11T12:43:08.832581Z","published":"2024-08-21T06:10:02.954Z","related":["SUSE-SU-2024:3190-1","SUSE-SU-2024:3209-1","SUSE-SU-2024:3225-1","SUSE-SU-2024:3227-1","SUSE-SU-2024:3249-1","SUSE-SU-2024:3408-1","SUSE-SU-2024:3483-1","SUSE-SU-2024:3499-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48872.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/079c78c68714f7d8d58e66c477b0243b31806907"},{"type":"WEB","url":"https://git.kernel.org/stable/c/556dfdb226ce1e5231d8836159b23f8bb0395bf4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/61a0890cb95afec5c8a2f4a879de2b6220984ef1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/96b328d119eca7563c1edcc4e1039a62e6370ecb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b171d0d2cf1b8387c72c8d325c5d5746fa271e39"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48872.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48872"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c68cfb718c8f97b7f7a50ed66be5feb42d0c8988"},{"fixed":"556dfdb226ce1e5231d8836159b23f8bb0395bf4"},{"fixed":"b171d0d2cf1b8387c72c8d325c5d5746fa271e39"},{"fixed":"61a0890cb95afec5c8a2f4a879de2b6220984ef1"},{"fixed":"079c78c68714f7d8d58e66c477b0243b31806907"},{"fixed":"96b328d119eca7563c1edcc4e1039a62e6370ecb"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48872.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.1.0"},{"fixed":"5.4.230"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.165"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.90"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.8"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48872.json"}}],"schema_version":"1.7.5"}