CVE-2022-49951
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-14
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.0 |
| linux | linux_kernel | 6.0 |
| linux | linux_kernel | 6.0 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a use-after-free bug in the Linux kernel's firmware loader. Specifically, during the firmware_upload_unregister() function, the device_unregister() call can cause the fw_upload_priv structure to be freed before it is used again in a subsequent module_put() call. This leads to dereferencing freed memory, which can cause crashes or other unpredictable behavior. The issue was fixed by copying the module reference to a local variable before calling device_unregister().
How can this vulnerability impact me? :
This vulnerability can lead to system instability or crashes due to use-after-free errors in the Linux kernel firmware loader. Exploiting this bug could potentially cause denial of service or other unintended behavior in systems running vulnerable kernel versions.