CVE-2022-49148

MEDIUM

Linux Kernel 5.8-5.10.109, 5.11-5.15.32, 5.16-5.16.18, 5.17 - Use-After-Free in watch_queue

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: watch_queue: Free the page array when watch_queue is dismantled Commit 7ea1a0124b6d ("watch_queue: Free the alloc bitmap when the watch_queue is torn down") took care of the bitmap, but not the page array. BUG: memory leak unreferenced object 0xffff88810d9bc140 (size 32): comm "syz-executor335", pid 3603, jiffies 4294946994 (age 12.840s) hex dump (first 32 bytes): 40 a7 40 04 00 ea ff ff 00 00 00 00 00 00 00 00 @.@............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: kmalloc_array include/linux/slab.h:621 [inline] kcalloc include/linux/slab.h:652 [inline] watch_queue_set_size+0x12f/0x2e0 kernel/watch_queue.c:251 pipe_ioctl+0x82/0x140 fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline]

References (5)

Core 5

Scores

CVSS v3 5.5
EPSS 0.0024
EPSS Percentile 14.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-401
Status published
Products (17)
linux/Kernel 5.11.0 - 5.15.33linux
linux/Kernel 5.16.0 - 5.16.19linux
linux/Kernel 5.17.0 - 5.17.2linux
linux/Kernel 5.8.0 - 5.10.110linux
Linux/Linux < 5.8
Linux/Linux 5.10.110 - 5.10.*
Linux/Linux 5.15.33 - 5.15.*
Linux/Linux 5.16.19 - 5.16.*
Linux/Linux 5.17.2 - 5.17.*
Linux/Linux 5.18
... and 7 more
Published Feb 26, 2025
Tracked Since Feb 18, 2026