Base Score

MEDIUM6.4

CVE-2022-44032

An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().

VectorPHYSICAL

Published Bycve@mitre.org

Published DateOct 30, 2022, 01:15

Weakness Type (CWE):CWE-362

CVSS Metrics

Base Score

6.4

Vector String

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

PHYSICAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

Base Score

MEDIUM6.4

Weakness Type (CWE):CWE-362

CVSS Metrics

Base Score

6.4

Vector String

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

PHYSICAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH