CVE-2022-49995
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-14
Assigner: kernel.org
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.0 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's writeback mechanism. When a disk device is removed, the system stops further writeback operations and waits for delayed work to complete. However, a function called wb_inode_writeback_end() may schedule additional work related to bandwidth estimation after the device has been removed, potentially causing the system to access memory that has already been freed (use-after-free). This can lead to instability or crashes. The fix involves checking if the writeback structure is still valid before scheduling work and changing the locking mechanism to be safe in interrupt context.
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to access freed memory after a disk device is removed, which may lead to system instability, crashes, or potential data corruption during writeback operations.