Use-after-free in Linux kernel block drbd driver

Updated: 2025-05-10
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-49811
CWE-ID CWE-416
Exploitation vector Local
Public exploit N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Use-after-free

EUVDB-ID: #VU108222

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49811

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the init_submitter() and drbd_create_device() functions in drivers/block/drbd/drbd_main.c. A local user can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 4.14 - 4.14.299

External links

https://git.kernel.org/stable/c/7d93417d596402ddd46bd76c721f205d09d0d025
https://git.kernel.org/stable/c/813a8dd9c45fd46f5cbbfbedf0791afa7740ccf5
https://git.kernel.org/stable/c/9ed51414aef6e59e832e2960f10766dce2d5b1a1
https://git.kernel.org/stable/c/a7a1598189228b5007369a9622ccdf587be0730f
https://git.kernel.org/stable/c/bf47ca1b35fc1f55091ffaff5fbe41ea0c6f59a1
https://git.kernel.org/stable/c/c2a00b149836d60c222930bbea6b2139caf34d4f
https://git.kernel.org/stable/c/fc1897f16ebcfd22364f2afcc27f53a740f3bc7a
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.300


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.