{"id":"CVE-2022-42703","details":"mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.","aliases":["A-253167854","ASB-A-253167854"],"modified":"2026-03-15T22:45:33.478982Z","published":"2022-10-09T23:15:09.523Z","related":["ALSA-2023:2148","ALSA-2023:2458","ALSA-2023:2736","ALSA-2023:2951","MGASA-2022-0324","MGASA-2022-0380","SUSE-SU-2022:3897-1","SUSE-SU-2022:3929-1","SUSE-SU-2022:3998-1","SUSE-SU-2022:4024-1","SUSE-SU-2022:4027-1","SUSE-SU-2022:4030-1","SUSE-SU-2022:4033-1","SUSE-SU-2022:4034-1","SUSE-SU-2022:4035-1","SUSE-SU-2022:4039-1","SUSE-SU-2022:4053-1","SUSE-SU-2022:4072-1","SUSE-SU-2022:4100-1","SUSE-SU-2022:4112-1","SUSE-SU-2022:4113-1","SUSE-SU-2022:4129-1","SUSE-SU-2022:4272-1","SUSE-SU-2022:4273-1","SUSE-SU-2022:4561-1","SUSE-SU-2022:4573-1","SUSE-SU-2022:4574-1","SUSE-SU-2022:4589-1","SUSE-SU-2022:4611-1","SUSE-SU-2022:4614-1","SUSE-SU-2022:4615-1","SUSE-SU-2022:4617-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2555283eb40df89945557273121e9393ef9b542b"},{"type":"FIX","url":"https://github.com/torvalds/linux/commit/2555283eb40df89945557273121e9393ef9b542b"},{"type":"FIX","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.7"},{"type":"EVIDENCE","url":"https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html"},{"type":"EVIDENCE","url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=2351"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"5.19.7"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-42703.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}