CVE-2022-49182

HIGH

Linux Kernel 5.1-5.15.32, 5.16.0-5.16.18, 5.17.0-5.17.1 - Use-After-Free in VLAN List Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: hns3: add vlan list lock to protect vlan list When adding port base VLAN, vf VLAN need to remove from HW and modify the vlan state in vf VLAN list as false. If the periodicity task is freeing the same node, it may cause "use after free" error. This patch adds a vlan list lock to protect the vlan list.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/30f0ff7176efe8ac6c55f85bce26ed58bb608758

Patch

https://git.kernel.org/stable/c/09e383ca97e798f9954189b741af54b5c51e7a97

Patch

https://git.kernel.org/stable/c/f58af41deeab0f45c9c80adf5f2de489ebbac3dd

Patch

https://git.kernel.org/stable/c/1932a624ab88ff407d1a1d567fe581faa15dc725

Scores

CVSS v3 7.8

EPSS 0.0025

EPSS Percentile 16.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (14)

linux/Kernel 5.1.0 - 5.15.33linux

linux/Kernel 5.16.0 - 5.16.19linux

linux/Kernel 5.17.0 - 5.17.2linux

Linux/Linux < 5.1

Linux/Linux 5.1

Linux/Linux 5.15.33 - 5.15.*

Linux/Linux 5.16.19 - 5.16.*

Linux/Linux 5.17.2 - 5.17.*

Linux/Linux 5.18

Linux/Linux c6075b193462d9a3930fb41f587f94720658752a - 09e383ca97e798f9954189b741af54b5c51e7a97

... and 4 more

Published Feb 26, 2025

Tracked Since Feb 18, 2026