CVE-2022-49413

EPSS 0.03%
Veröffentlicht 26.02.2025 07:01:17
Zuletzt bearbeitet 24.03.2025 19:52:50
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

bfq: Update cgroup information before merging bio

When the process is migrated to a different cgroup (or in case of
writeback just starts submitting bios associated with a different
cgroup) bfq_merge_bio() can operate with stale cgroup information in
bic. Thus the bio can be merged to a request from a different cgroup or
it can result in merging of bfqqs for different cgroups or bfqqs of
already dead cgroups and causing possible use-after-free issues. Fix the
problem by updating cgroup information in bfq_merge_bio().

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.12 < 5.4.198

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.121

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.46

Linux ≫ Linux Kernel Version >= 5.16 < 5.17.14

Linux ≫ Linux Kernel Version >= 5.18 < 5.18.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.093

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/2a1077f17169a6059992a0bbdb330e0abad1e6d9

Patch

https://git.kernel.org/stable/c/b06691af08b41dfd81052a3362514d9827b44bb1

Patch

https://git.kernel.org/stable/c/d9165200c5627a2cf4408eefabdf0058bdf95e1a

Patch

https://git.kernel.org/stable/c/da9f3025d595956410ceaab2bea01980d7775948

Patch

https://git.kernel.org/stable/c/e8821f45612f2e6d9adb9c6ba0fb4184f57692aa

Patch

https://git.kernel.org/stable/c/ea591cd4eb270393810e7be01feb8fde6a34fbbe

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-49413

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-49413

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-49413

EUVD