References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Known Affected Software Configurations Switch to CPE 2.2

Change History

OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 5.16.11

NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NIST CWE-416

https://git.kernel.org/stable/c/1dd3ecbec5f606b2a526c47925c8634b1a6bb81e No Types Assigned

https://git.kernel.org/stable/c/1dd3ecbec5f606b2a526c47925c8634b1a6bb81e Mailing List, Patch

https://git.kernel.org/stable/c/7e5b6a5c8c44310784c88c1c198dde79f6402f7b No Types Assigned

https://git.kernel.org/stable/c/7e5b6a5c8c44310784c88c1c198dde79f6402f7b Mailing List, Patch

In the Linux kernel, the following vulnerability has been resolved:

mctp: fix use after free

Clang static analysis reports this problem
route.c:425:4: warning: Use of memory after it is freed
  trace_mctp_key_acquire(key);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~
When mctp_key_add() fails, key is freed but then is later
used in trace_mctp_key_acquire().  Add an else statement
to use the key only when mctp_key_add() is successful.

kernel.org https://git.kernel.org/stable/c/1dd3ecbec5f606b2a526c47925c8634b1a6bb81e [No types assigned]

kernel.org https://git.kernel.org/stable/c/7e5b6a5c8c44310784c88c1c198dde79f6402f7b [No types assigned]