CVE-2022-49995

HIGH

Linux Kernel 5.15-5.15.63, 5.16-5.19.5 - Use-After-Free in Writeback Bandwidth Estimation

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: writeback: avoid use-after-free after removing device When a disk is removed, bdi_unregister gets called to stop further writeback and wait for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation dwork after this has completed, which can result in the timer attempting to access the just freed bdi_writeback. Fix this by checking if the bdi_writeback is alive, similar to when scheduling writeback work. Since this requires wb->work_lock, and wb_inode_writeback_end() may get called from interrupt, switch wb->work_lock to an irqsafe lock.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/f96b9f7c1676923bce871e728bb49c0dfa5013cc

Patch

https://git.kernel.org/stable/c/9a6c710f3bc10bc9cc23e1c080b53245b7f9d5b7

Patch

https://git.kernel.org/stable/c/f87904c075515f3e1d8f4a7115869d3b914674fd

Scores

CVSS v3 7.8

EPSS 0.0020

EPSS Percentile 10.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (12)

linux/Kernel 5.15.0 - 5.15.64linux

linux/Kernel 5.16.0 - 5.19.6linux

Linux/Linux < 5.15

Linux/Linux 45a2966fd64147518dc5bca25f447bd0fb5359ac - 9a6c710f3bc10bc9cc23e1c080b53245b7f9d5b7

Linux/Linux 45a2966fd64147518dc5bca25f447bd0fb5359ac - f87904c075515f3e1d8f4a7115869d3b914674fd

Linux/Linux 45a2966fd64147518dc5bca25f447bd0fb5359ac - f96b9f7c1676923bce871e728bb49c0dfa5013cc

Linux/Linux 5.15

Linux/Linux 5.15.64 - 5.15.*

Linux/Linux 5.19.6 - 5.19.*

Linux/Linux 6.0

... and 2 more

Published Jun 18, 2025

Tracked Since Feb 18, 2026