CVE-2022-41850: Linux kernel code execution vulnerability



A security researcher has discovered 3 new code execution vulnerabilities in the Linux kernel that could allow a local or physical attacker to execute code on the affected systems.

The first vulnerability, tracked as CVE-2022-41850 (CVSS score: 8.4), is a use-after-free flaw caused by a race condition in the roccat_report_event function in drivers/hid/hid-roccat.c. By sending a report while a copy of report->value is in progress, a local attacker could exploit this vulnerability to execute arbitrary code on the system. CVE-2022-41850 affects Linux Kernel 5.19.12 and was fixed via this patch.
