CVE-2022-49921

HIGH

Linux Kernel 4.4.163-4.4.x - Use-After-Free in red_enqueue()

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: sched: Fix use after free in red_enqueue() We can't use "skb" again after passing it to qdisc_enqueue(). This is basically identical to commit 2f09707d0c97 ("sch_sfb: Also store skb len before calling child enqueue").

References (8)

Core 8

Core References

Patch

https://git.kernel.org/stable/c/795afe0b9bb6c915f0299a8e309936519be01619

Patch

https://git.kernel.org/stable/c/a238cdcf2bdc72207c74375fc8be13ee549ca9db

Patch

https://git.kernel.org/stable/c/e877f8fa49fbccc63cb2df2e9179bddc695b825a

Patch

https://git.kernel.org/stable/c/52e0429471976785c155bfbf51d80990c6cd46e2

Patch

https://git.kernel.org/stable/c/5960b9081baca85cc7dcb14aec1de85999ea9d36

Patch

https://git.kernel.org/stable/c/fc4b50adb400ee5ec527a04073174e8e73a139fa

Patch

https://git.kernel.org/stable/c/170e5317042c302777ed6d59fdb84af9b0219d4e

Patch

https://git.kernel.org/stable/c/8bdc2acd420c6f3dd1f1c78750ec989f02a1e2b9

Scores

CVSS v3 7.8

EPSS 0.0015

EPSS Percentile 4.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (22)

Linux/Linux < 4.7

Linux/Linux 4.14.299 - 4.14.*

Linux/Linux 4.19.265 - 4.19.*

Linux/Linux 4.4.163 - 4.5

Linux/Linux 4.7

Linux/Linux 4.9.333 - 4.9.*

Linux/Linux 5.10.154 - 5.10.*

Linux/Linux 5.15.78 - 5.15.*

Linux/Linux 5.4.224 - 5.4.*

Linux/Linux 6.0.8 - 6.0.*

... and 12 more

Published May 01, 2025

Tracked Since Feb 18, 2026