CVE-2022-49912

MEDIUM

Linux Kernel 4.2-6.0.8 Btrfs Qgroup Use-After-Free

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix ulist leaks in error paths of qgroup self tests

In the test_no_shared_qgroup() and test_multiple_refs() qgroup self tests, if we fail to add the tree ref, remove the extent item or remove the extent ref, we are returning from the test function without freeing the "old_roots" ulist that was allocated by the previous calls to btrfs_find_all_roots().

Fix that by calling ulist_free() before returning.

Scores

CVSS v3 5.5
EPSS 0.0017
EPSS Percentile 6.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-401
Status published
Products (27)
linux/Kernel 4.10.0 - 4.14.299
linux/Kernel 4.15.0 - 4.19.265
linux/Kernel 4.2.0 - 4.9.333
linux/Kernel 4.20.0 - 5.4.224
linux/Kernel 5.11.0 - 5.15.78
linux/Kernel 5.16.0 - 6.0.8
linux/Kernel 5.5.0 - 5.10.154
Linux/Linux < 4.2
Linux/Linux 4.14.299 - 4.14.*
Linux/Linux 4.19.265 - 4.19.*
... and 17 more
Published May 01, 2025
Tracked Since Feb 18, 2026