The vulnerability is a use-after-free (UAF) in the cil_reset_classpermission function, as stated in the CVE description. The provided commit patch (c49a8ea09501ad66e799ea41b8154b6770fec2c8) modifies cil_reset_classperms_set by removing its call to cil_reset_classpermission, which indicates that this call was a trigger for the UAF. The commit message further clarifies that cil_reset_classperms_set should not have been causing cil_reset_classpermission to reset certain data. The vulnerability description also explicitly names cil_reset_classperms_list as another function that calls cil_reset_classpermission and can trigger the UAF. Therefore, cil_reset_classpermission is the function containing the flaw, while cil_reset_classperms_set (pre-patch) and cil_reset_classperms_list are the callers that appear in the call stack when the vulnerability is triggered.
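A simplified model of the ownership problem described above, added here as an illustration and not taken from libsepol: a reset routine that releases data through a pointer it only refers to, next to one that just drops the reference. All type and function names are hypothetical, and the patched shape is an assumption based on the page's description of the commit.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model: every name below is hypothetical, not libsepol code. */
struct named_perm { int *perms; };             /* owner: allocated perms */
struct perm_set   { struct named_perm *ref; }; /* borrower: got owner by lookup */

static int frees; /* number of times an owner's perms array was released */

/* Owner reset: releasing perms is legitimate for the object that created it. */
static void reset_named(struct named_perm *np) {
    if (np == NULL || np->perms == NULL) return;
    free(np->perms);
    np->perms = NULL;
    frees++;
}

/* Pre-patch shape: the set resets an object it only refers to. */
static void reset_set_prepatch(struct perm_set *s) {
    reset_named(s->ref);
}

/* Patched shape (assumed): forget the reference, leave the owner alone. */
static void reset_set_patched(struct perm_set *s) {
    s->ref = NULL;
}

/* Returns 1 if resetting only the set freed the owner's data, which leaves
 * any other holder of that address (here: cached) with a dangling pointer. */
static int set_reset_frees_owner_data(void (*reset_set)(struct perm_set *)) {
    struct named_perm owner = { calloc(4, sizeof(int)) };
    struct perm_set set = { &owner };
    int *cached = owner.perms;   /* second holder; never dereferenced */
    (void)cached;
    frees = 0;
    reset_set(&set);
    int freed_by_borrower = (frees == 1);
    reset_named(&owner);         /* owner's own cleanup, so nothing leaks */
    return freed_by_borrower;
}

int main(void) {
    printf("pre-patch: %d\n", set_reset_frees_owner_data(reset_set_prepatch));
    printf("patched:   %d\n", set_reset_frees_owner_data(reset_set_patched));
    return 0;
}
```

When auditing similar reset or teardown code, the question to ask of each pointer field is whether the containing object created the target or merely looked it up.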