[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-48869":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":38,"related":39,"reserved_at":9,"published_at":45,"modified_at":46,"state":47,"summary":48,"references_raw":57,"kevs":80,"epss":81,"epss_history":84,"metrics":338,"affected":344},"CVE-2022-48869","In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadgetfs: Fix race between mounting and unmounting\n\nThe syzbot fuzzer and Gerald Lee have identified a use-after-free bug\nin the gadgetfs driver, involving processes concurrently mounting and\nunmounting the gadgetfs filesystem.  In particular, gadgetfs_fill_super()\ncan race with gadgetfs_kill_sb(), causing the latter to deallocate\nthe_device while the former is using it.  The output from KASAN says,\nin part:\n\nBUG: KASAN: use-after-free in instrument_atomic_read_write include/linux/instrumented.h:102 [inline]\nBUG: KASAN: use-after-free in atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:176 [inline]\nBUG: KASAN: use-after-free in __refcount_sub_and_test include/linux/refcount.h:272 [inline]\nBUG: KASAN: use-after-free in __refcount_dec_and_test include/linux/refcount.h:315 [inline]\nBUG: KASAN: use-after-free in refcount_dec_and_test include/linux/refcount.h:333 [inline]\nBUG: KASAN: use-after-free in put_dev drivers/usb/gadget/legacy/inode.c:159 [inline]\nBUG: KASAN: use-after-free in gadgetfs_kill_sb+0x33/0x100 drivers/usb/gadget/legacy/inode.c:2086\nWrite of size 4 at addr ffff8880276d7840 by task syz-executor126/18689\n\nCPU: 0 PID: 18689 Comm: syz-executor126 Not tainted 6.1.0-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nCall Trace:\n \u003CTASK>\n...\n atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:176 [inline]\n __refcount_sub_and_test include/linux/refcount.h:272 [inline]\n __refcount_dec_and_test include/linux/refcount.h:315 [inline]\n refcount_dec_and_test include/linux/refcount.h:333 [inline]\n put_dev drivers/usb/gadget/legacy/inode.c:159 [inline]\n gadgetfs_kill_sb+0x33/0x100 drivers/usb/gadget/legacy/inode.c:2086\n deactivate_locked_super+0xa7/0xf0 fs/super.c:332\n vfs_get_super fs/super.c:1190 [inline]\n get_tree_single+0xd0/0x160 fs/super.c:1207\n vfs_get_tree+0x88/0x270 fs/super.c:1531\n vfs_fsconfig_locked fs/fsopen.c:232 [inline]\n\nThe simplest solution is to ensure that gadgetfs_fill_super() and\ngadgetfs_kill_sb() are serialized by making them both acquire a new\nmutex.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-416","Use After Free","The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory \"belongs\" to the code that operates on the new pointer.","weakness","Stable","Variant","High",[],[],[],[],[24,26,28,30,32,34,36],{"_key":25},"SUSE-SU-2024:3227-1",{"_key":27},"SUSE-SU-2024:3408-1",{"_key":29},"SUSE-SU-2024:3190-1",{"_key":31},"SUSE-SU-2024:3209-1",{"_key":33},"SUSE-SU-2024:3483-1",{"_key":35},"DEBIAN-CVE-2022-48869",{"_key":37},"UBUNTU-CVE-2022-48869",[],[40,41,42,43,44],{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},"2024-08-21T06:09:59.526Z","2026-05-11T18:48:43.958Z","Analyzed",{"cisa_kev":49,"cisa_ransomware":49,"cisa_vendor":9,"epss_severity":50,"epss_score":51,"severity":52,"severity_score":53,"severity_version":54,"severity_source":55,"severity_vector":56,"severity_status":47},false,"low",0.00016,"medium",4.7,"v3.1","nvd","CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",[58,64,68,72,76],{"url":59,"sources":60,"tags":62},"https://git.kernel.org/stable/c/9a39f4626b361ee7aa10fd990401c37ec3b466ae",[61,55],"cve.org",[63],"Patch",{"url":65,"sources":66,"tags":67},"https://git.kernel.org/stable/c/856e4b5e53f21edbd15d275dde62228dd94fb2b4",[61,55],[63],{"url":69,"sources":70,"tags":71},"https://git.kernel.org/stable/c/a2e075f40122d8daf587db126c562a67abd69cf9",[61,55],[63],{"url":73,"sources":74,"tags":75},"https://git.kernel.org/stable/c/616fd34d017000ecf9097368b13d8a266f4920b3",[61,55],[63],{"url":77,"sources":78,"tags":79},"https://git.kernel.org/stable/c/d18dcfe9860e842f394e37ba01ca9440ab2178f4",[61,55],[63],[],{"date":82,"score":51,"percentile":83},"2026-06-03",0.03793,[85,89,92,94,97,100,103,106,109,112,115,118,121,124,127,131,134,137,140,143,146,149,152,155,157,160,163,166,169,172,174,177,180,183,186,189,192,195,198,201,204,207,210,213,216,219,221,223,226,229,231,234,237,239,242,245,247,249,252,255,258,261,264,267,269,272,275,278,281,284,287,289,291,294,297,299,302,305,308,310,313,315,318,321,323,325,327,329,332,335],{"date":86,"score":87,"percentile":88},"2025-11-04",0.00009,0.00679,{"date":90,"score":87,"percentile":91},"2025-11-05",0.00681,{"date":93,"score":87,"percentile":91},"2025-11-06",{"date":95,"score":87,"percentile":96},"2025-11-07",0.00683,{"date":98,"score":51,"percentile":99},"2025-11-08",0.02542,{"date":101,"score":51,"percentile":102},"2025-11-09",0.02544,{"date":104,"score":51,"percentile":105},"2025-11-10",0.02517,{"date":107,"score":51,"percentile":108},"2025-11-11",0.02531,{"date":110,"score":51,"percentile":111},"2025-11-12",0.02545,{"date":113,"score":51,"percentile":114},"2025-11-13",0.02593,{"date":116,"score":51,"percentile":117},"2025-11-14",0.0261,{"date":119,"score":51,"percentile":120},"2025-11-15",0.02639,{"date":122,"score":51,"percentile":123},"2025-11-16",0.0264,{"date":125,"score":51,"percentile":126},"2025-11-17",0.02627,{"date":128,"score":129,"percentile":130},"2025-11-18",0.00069,0.17279,{"date":132,"score":129,"percentile":133},"2025-11-19",0.17299,{"date":135,"score":129,"percentile":136},"2025-11-20",0.17274,{"date":138,"score":51,"percentile":139},"2025-11-21",0.02712,{"date":141,"score":51,"percentile":142},"2025-11-22",0.0271,{"date":144,"score":51,"percentile":145},"2025-11-23",0.02701,{"date":147,"score":51,"percentile":148},"2025-11-24",0.02688,{"date":150,"score":51,"percentile":151},"2025-11-25",0.02668,{"date":153,"score":51,"percentile":154},"2025-11-26",0.02647,{"date":156,"score":51,"percentile":123},"2025-11-27",{"date":158,"score":51,"percentile":159},"2025-11-28",0.02649,{"date":161,"score":51,"percentile":162},"2025-11-29",0.02702,{"date":164,"score":51,"percentile":165},"2025-11-30",0.02703,{"date":167,"score":51,"percentile":168},"2025-12-01",0.02765,{"date":170,"score":51,"percentile":171},"2025-12-02",0.02757,{"date":173,"score":51,"percentile":171},"2025-12-03",{"date":175,"score":51,"percentile":176},"2025-12-04",0.02696,{"date":178,"score":51,"percentile":179},"2025-12-05",0.02707,{"date":181,"score":51,"percentile":182},"2025-12-06",0.02723,{"date":184,"score":51,"percentile":185},"2025-12-07",0.02732,{"date":187,"score":51,"percentile":188},"2025-12-08",0.02727,{"date":190,"score":51,"percentile":191},"2025-12-09",0.02747,{"date":193,"score":51,"percentile":194},"2025-12-10",0.02775,{"date":196,"score":51,"percentile":197},"2025-12-11",0.0278,{"date":199,"score":51,"percentile":200},"2025-12-12",0.02793,{"date":202,"score":51,"percentile":203},"2025-12-13",0.02764,{"date":205,"score":51,"percentile":206},"2025-12-14",0.02766,{"date":208,"score":51,"percentile":209},"2025-12-15",0.0276,{"date":211,"score":51,"percentile":212},"2025-12-16",0.02755,{"date":214,"score":51,"percentile":215},"2025-12-17",0.02768,{"date":217,"score":51,"percentile":218},"2025-12-18",0.02774,{"date":220,"score":51,"percentile":197},"2025-12-19",{"date":222,"score":51,"percentile":194},"2025-12-20",{"date":224,"score":51,"percentile":225},"2025-12-21",0.02776,{"date":227,"score":51,"percentile":228},"2025-12-22",0.02778,{"date":230,"score":51,"percentile":197},"2025-12-23",{"date":232,"score":51,"percentile":233},"2025-12-24",0.02782,{"date":235,"score":51,"percentile":236},"2025-12-25",0.0279,{"date":238,"score":51,"percentile":200},"2025-12-26",{"date":240,"score":51,"percentile":241},"2025-12-27",0.02773,{"date":243,"score":51,"percentile":244},"2025-12-28",0.02786,{"date":246,"score":51,"percentile":225},"2025-12-29",{"date":248,"score":51,"percentile":241},"2025-12-30",{"date":250,"score":51,"percentile":251},"2025-12-31",0.02767,{"date":253,"score":51,"percentile":254},"2026-01-01",0.02827,{"date":256,"score":51,"percentile":257},"2026-01-02",0.02824,{"date":259,"score":51,"percentile":260},"2026-01-03",0.02823,{"date":262,"score":51,"percentile":263},"2026-01-04",0.02759,{"date":265,"score":51,"percentile":266},"2026-01-05",0.02762,{"date":268,"score":51,"percentile":263},"2026-01-06",{"date":270,"score":51,"percentile":271},"2026-01-07",0.02777,{"date":273,"score":51,"percentile":274},"2026-01-08",0.02806,{"date":276,"score":51,"percentile":277},"2026-01-09",0.02818,{"date":279,"score":51,"percentile":280},"2026-01-10",0.02819,{"date":282,"score":51,"percentile":283},"2026-01-11",0.02804,{"date":285,"score":51,"percentile":286},"2026-01-12",0.02761,{"date":288,"score":51,"percentile":212},"2026-01-13",{"date":290,"score":51,"percentile":263},"2026-01-14",{"date":292,"score":51,"percentile":293},"2026-01-15",0.0275,{"date":295,"score":51,"percentile":296},"2026-01-16",0.02749,{"date":298,"score":51,"percentile":293},"2026-01-17",{"date":300,"score":51,"percentile":301},"2026-01-18",0.02753,{"date":303,"score":51,"percentile":304},"2026-01-19",0.02746,{"date":306,"score":51,"percentile":307},"2026-01-20",0.02733,{"date":309,"score":51,"percentile":188},"2026-01-21",{"date":311,"score":51,"percentile":312},"2026-01-22",0.02724,{"date":314,"score":51,"percentile":307},"2026-01-23",{"date":316,"score":51,"percentile":317},"2026-01-24",0.02754,{"date":319,"score":51,"percentile":320},"2026-01-25",0.02751,{"date":322,"score":51,"percentile":191},"2026-01-26",{"date":324,"score":51,"percentile":304},"2026-01-27",{"date":326,"score":51,"percentile":320},"2026-01-28",{"date":328,"score":51,"percentile":218},"2026-01-29",{"date":330,"score":51,"percentile":331},"2026-01-30",0.02779,{"date":333,"score":51,"percentile":334},"2026-01-31",0.02799,{"date":336,"score":51,"percentile":337},"2026-02-01",0.02849,[339],{"source":55,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":340,"cvss_v4_0":9},{"baseScore":53,"baseSeverity":341,"vectorString":56,"impactScore":342,"exploitabilityScore":343},"MEDIUM",6,2.6,[345,371],{"ecosystem":9,"name":346,"vendor":347,"product":347,"cpe_part":348,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":349},"Linux","linux","a",[350,357,360,363,366,369],{"version":351,"is_range":352,"range_type":61,"version_start":353,"version_start_type":354,"version_end":355,"version_end_type":356,"fixed_in":9},">= e5d82a7360d124ae1a38c2a5eac92ba49b125191, \u003C 9a39f4626b361ee7aa10fd990401c37ec3b466ae",true,"e5d82a7360d124ae1a38c2a5eac92ba49b125191","including","9a39f4626b361ee7aa10fd990401c37ec3b466ae","excluding",{"version":358,"is_range":352,"range_type":61,"version_start":353,"version_start_type":354,"version_end":359,"version_end_type":356,"fixed_in":9},">= e5d82a7360d124ae1a38c2a5eac92ba49b125191, \u003C 856e4b5e53f21edbd15d275dde62228dd94fb2b4","856e4b5e53f21edbd15d275dde62228dd94fb2b4",{"version":361,"is_range":352,"range_type":61,"version_start":353,"version_start_type":354,"version_end":362,"version_end_type":356,"fixed_in":9},">= e5d82a7360d124ae1a38c2a5eac92ba49b125191, \u003C a2e075f40122d8daf587db126c562a67abd69cf9","a2e075f40122d8daf587db126c562a67abd69cf9",{"version":364,"is_range":352,"range_type":61,"version_start":353,"version_start_type":354,"version_end":365,"version_end_type":356,"fixed_in":9},">= e5d82a7360d124ae1a38c2a5eac92ba49b125191, \u003C 616fd34d017000ecf9097368b13d8a266f4920b3","616fd34d017000ecf9097368b13d8a266f4920b3",{"version":367,"is_range":352,"range_type":61,"version_start":353,"version_start_type":354,"version_end":368,"version_end_type":356,"fixed_in":9},">= e5d82a7360d124ae1a38c2a5eac92ba49b125191, \u003C d18dcfe9860e842f394e37ba01ca9440ab2178f4","d18dcfe9860e842f394e37ba01ca9440ab2178f4",{"version":370,"is_range":49,"range_type":61,"version_start":370,"version_start_type":354,"version_end":370,"version_end_type":354,"fixed_in":9},"5.3",{"ecosystem":9,"name":372,"vendor":347,"product":373,"cpe_part":374,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":375},"linux kernel","linux_kernel","o",[376,380,384,388],{"version":377,"is_range":352,"range_type":378,"version_start":370,"version_start_type":354,"version_end":379,"version_end_type":356,"fixed_in":9},"gte5.3_lt5.4.230","cpe","5.4.230",{"version":381,"is_range":352,"range_type":378,"version_start":382,"version_start_type":354,"version_end":383,"version_end_type":356,"fixed_in":9},"gte5.5_lt5.10.165","5.5","5.10.165",{"version":385,"is_range":352,"range_type":378,"version_start":386,"version_start_type":354,"version_end":387,"version_end_type":356,"fixed_in":9},"gte5.11_lt5.15.90","5.11","5.15.90",{"version":389,"is_range":352,"range_type":378,"version_start":390,"version_start_type":354,"version_end":391,"version_end_type":356,"fixed_in":9},"gte5.16_lt6.1.8","5.16","6.1.8"]