PT-2025-8580 · Linux+4 · Linux Kernel+4

Mukesh Ojha

Publicado

2022-06-16

Atualizado

2025-06-06

CVE-2022-49647

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved. The issue occurs when tasks are moved across cgroups during migration, and some tasks are involved in identity noop migrations while others are actually moving across cgroups. This can lead to a use-after-free scenario, causing the cset to be destroyed if all tasks leave it before the migration finishes. The problem is caused by overloading cset->mg preload node for both src and dst preload lists.

Recommendations To resolve this issue, apply the patch that separates out cset->mg preload node into ->mg src preload node and ->mg dst preload node, ensuring that the src and dst preloadings do not interfere with each other. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-415CWE-416

Identificadores relacionados

BDU:2025-04335

CESA-2023_7077

CVE-2022-49647

OESA-2025-1465

OESA-2025-1593

OESA-2025-1597

OPENSUSE-SU-2025_1263-1

RHSA-2023:2458

RHSA-2023:7077

RHSA-2023_2458

RHSA-2023_7077

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025:1293-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1263-1

SUSE-SU-2025_1293-1

Produtos afetados

Astra Linux

Centos

Linux Kernel

Red Hat

Suse

PT-2025-8580 · Linux+4 · Linux Kernel+4

CVE-2022-49647

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1543