{"id":"CVE-2022-4744","details":"A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.","modified":"2026-03-14T11:55:43.081240Z","published":"2023-03-30T21:15:06.497Z","related":["ALSA-2023:1469","ALSA-2023:1470","ALSA-2023:7077","SUSE-SU-2023:1800-1","SUSE-SU-2023:1802-1","SUSE-SU-2023:1811-1","SUSE-SU-2023:1892-1","SUSE-SU-2023:1897-1","SUSE-SU-2023:1992-1","SUSE-SU-2023:2646-1","SUSE-SU-2023:2694-1","SUSE-SU-2023:2695-1","SUSE-SU-2023:2698-1","SUSE-SU-2023:2701-1","SUSE-SU-2023:2710-1","SUSE-SU-2023:2714-1","SUSE-SU-2023:2724-1","SUSE-SU-2023:2727-1","SUSE-SU-2023:2741-1","SUSE-SU-2023:2755-1","SUSE-SU-2023:2809-1","SUSE-SU-2023:2871-1","SUSE-SU-2024:1321-1","SUSE-SU-2024:1454-1","SUSE-SU-2024:1466-1","SUSE-SU-2024:1480-1","SUSE-SU-2024:1489-1","SUSE-SU-2024:1490-1"],"references":[{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html"},{"type":"ADVISORY","url":"https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b515f703e"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230526-0009/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4744.json","unresolved_ranges":[{"events":[{"introduced":"5.5"},{"fixed":"5.10.136"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.12"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}