Use-after-free in Linux kernel block



| Updated: 2025-05-11
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-49179
CWE-ID CWE-416
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Use-after-free

EUVDB-ID: #VU104490

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49179

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bfq_bfqq_move() function in block/bfq-cgroup.c. A local user can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.4 - 5.4.188

CPE2.3 External links

https://git.kernel.org/stable/c/7507ead1e9d42957c2340f2c4a0e9d00034e3366
https://git.kernel.org/stable/c/8410f70977734f21b8ed45c37e925d311dfda2e7
https://git.kernel.org/stable/c/87fdfe8589d43e471dffb4c60f75eeb6f37afc4c
https://git.kernel.org/stable/c/8f34dea99cd7761156a146a5258a67d045d862f7
https://git.kernel.org/stable/c/c01fced8d38fbccc82787065229578006f28e020
https://git.kernel.org/stable/c/c4f5a678add58a8a0e7ee5e038496b376ea6d205
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.189


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###