Unrated severityNVD Advisory· Published Sep 9, 2022· Updated Aug 3, 2024

CVE-2022-2526

Description

A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.

Affected products

systemd/systemddescription
osv-coords8 versions
pkg:rpm/almalinux/systemd pkg:rpm/almalinux/systemd-container pkg:rpm/almalinux/systemd-devel pkg:rpm/almalinux/systemd-journal-remote pkg:rpm/almalinux/systemd-libs pkg:rpm/almalinux/systemd-pam pkg:rpm/almalinux/systemd-tests pkg:rpm/almalinux/systemd-udev
< 239-58.el8_6.4+ 7 more
- (no CPE)range: < 239-58.el8_6.4
- (no CPE)range: < 239-58.el8_6.4
- (no CPE)range: < 239-58.el8_6.4
- (no CPE)range: < 239-58.el8_6.4
- (no CPE)range: < 239-58.el8_6.4
- (no CPE)range: < 239-58.el8_6.4
- (no CPE)range: < 239-58.el8_6.4
- (no CPE)range: < 239-58.el8_6.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000