CVE-2022-49384

HIGH

Linux Kernel 5.15.17-5.15.45 - Use-After-Free in MD io_acct_set Bioset

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: md: fix double free of io_acct_set bioset Now io_acct_set is alloc and free in personality. Remove the codes that free io_acct_set in md_free and md_stop.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/36a2fc44c574a59ee3b5e2cb327182f227b2b07e

Patch

https://git.kernel.org/stable/c/f99d5b5dc8a42c807b5f1176b925aa45d61962ab

Patch

https://git.kernel.org/stable/c/ea7d7bd90079d96f9c86bdaf0b106e0cd2a70661

Patch

https://git.kernel.org/stable/c/42b805af102471f53e3c7867b8c2b502ea4eef7e

Scores

CVSS v3 7.8

EPSS 0.0025

EPSS Percentile 16.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-415

Status published

Products (17)

linux/Kernel < 5.15.46linux

linux/Kernel 5.16.0 - 5.17.14linux

linux/Kernel 5.17.0 - 5.18.3linux

Linux/Linux < 5.17

Linux/Linux 00e3d58f50a875343124bcf5a9637520a492b0d1 - 36a2fc44c574a59ee3b5e2cb327182f227b2b07e

Linux/Linux 0c031fd37f69deb0cd8c43bbfcfccd62ebd7e952 - 42b805af102471f53e3c7867b8c2b502ea4eef7e

Linux/Linux 0c031fd37f69deb0cd8c43bbfcfccd62ebd7e952 - ea7d7bd90079d96f9c86bdaf0b106e0cd2a70661

Linux/Linux 0c031fd37f69deb0cd8c43bbfcfccd62ebd7e952 - f99d5b5dc8a42c807b5f1176b925aa45d61962ab

Linux/Linux 5.15.17 - 5.15.46

Linux/Linux 5.15.46 - 5.15.*

... and 7 more

Published Feb 26, 2025

Tracked Since Feb 18, 2026