CVE-2022-4095: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-4095 is a use-after-free vulnerability discovered in the Linux kernel versions before 5.19.2. The vulnerability specifically occurs in the cmdhdlfilter function within drivers/staging/rtl8712/rtl8712_cmd.c, affecting the RealTek RTL8712U wireless driver. The vulnerability was discovered by Zheng Wang and Zhuorao Yang (Ubuntu Security).

The vulnerability is classified with a CVSS v3.1 score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, and low privileges, but can result in high impacts to confidentiality, integrity, and availability (NetApp Security).

The vulnerability can allow a local attacker to cause a denial of service (system crash) or potentially execute arbitrary code on the affected system. The successful exploitation could lead to disclosure of sensitive information, addition or modification of data, or system unavailability (Ubuntu Security, NetApp Security).

The vulnerability has been fixed in Linux kernel version 5.19.2 and backported to various distribution versions. Ubuntu has released fixes for multiple versions including 22.10 (5.19.0-28.29), 22.04 LTS (5.15.0-57.63), 20.04 LTS (5.4.0-136.153), and 18.04 LTS (4.15.0-201.212). The fix was also backported to 16.04 LTS (4.4.0-240.274) (Ubuntu Security).