CVE-2022-40307

NameCVE-2022-40307
DescriptionAn issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3131-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)buster4.19.249-2vulnerable
buster (security)4.19.260-1fixed
bullseye5.10.140-1vulnerable
bullseye (security)5.10.136-1vulnerable
bookworm, sid5.19.11-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcebuster4.19.260-1DLA-3131-1
linuxsource(unstable)5.19.11-1

Notes

https://git.kernel.org/linus/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95

Search for package or bug name: Reporting problems