CVE-2022-49127

HIGH

Linux Kernel 5.17-5.17.2 - Use-After-Free in ref_tracker

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ref_tracker: implement use-after-free detection Whenever ref_tracker_dir_init() is called, mark the struct ref_tracker_dir as dead. Test the dead status from ref_tracker_alloc() and ref_tracker_free() This should detect buggy dev_put()/dev_hold() happening too late in netdevice dismantle process.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/3743c9de303fa36c2e2ca2522ab280c52bcafbd2

Patch

https://git.kernel.org/stable/c/e3ececfe668facd87d920b608349a32607060e66

Scores

CVSS v3 7.8

EPSS 0.0023

EPSS Percentile 13.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (8)

linux/Kernel 5.17.0 - 5.17.3linux

Linux/Linux < 5.17

Linux/Linux 4e66934eaadc83b27ada8d42b60894018f3bfabf - 3743c9de303fa36c2e2ca2522ab280c52bcafbd2

Linux/Linux 4e66934eaadc83b27ada8d42b60894018f3bfabf - e3ececfe668facd87d920b608349a32607060e66

Linux/Linux 5.17

Linux/Linux 5.17.3 - 5.17.*

Linux/Linux 5.18

linux/linux_kernel 5.17 - 5.17.3

Published Feb 26, 2025

Tracked Since Feb 18, 2026