PT-2025-8013 · Linux+3 · Linux Kernel+3

Published: 2022-04-06 · Updated: 2025-05-22 · CVE-2022-49085

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A use-after-free bug has been identified in the Linux kernel, in the get_initial_state function of the drbd module. When notify_initial_state_done fails, the skb is freed; get_initial_state then uses the freed skb, resulting in a use after free. Four more use-after-free bugs can occur through the same problem in the notify_*_state_change and notify_*_state calls. The bug is resolved by modifying notify_initial_state_done and the notify_*_state_change functions to return an error code when an error happens, so that the error codes are propagated and the freed skb is no longer used.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2025-06573
CVE-2022-49085
OESA-2025-1408
OPENSUSE-SU-2025_1263-1
SUSE-SU-2025:1027-1
SUSE-SU-2025:1176-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1194-1
SUSE-SU-2025:1241-1
SUSE-SU-2025:1263-1
SUSE-SU-2025:1293-1
SUSE-SU-2025_1027-1
SUSE-SU-2025_1241-1
SUSE-SU-2025_1263-1
SUSE-SU-2025_1293-1

Affected Products

Astra Linux
Linux Kernel
RED OS
SUSE