Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the access_ok check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_kernel | Linux | * | 4.14.307 (excluding) |
| Linux_kernel | Linux | 4.19.0 (including) | 4.19.274 (excluding) |
| Linux_kernel | Linux | 5.4.0 (including) | 5.4.233 (excluding) |
| Linux_kernel | Linux | 5.10.0 (including) | 5.10.170 (excluding) |
| Linux_kernel | Linux | 5.15.0 (including) | 5.15.96 (excluding) |
| Linux_kernel | Linux | 6.1.0 (including) | 6.1.14 (excluding) |
| Linux_kernel | Linux | 6.2.0 (including) | 6.2.1 (excluding) |
This weakness can take several forms, such as: