PT-2022-7647 · Linux+3 · Linux Kernel+3

John Garry

Published

2022-01-31

Updated

2025-03-19

CVE-2022-48792

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue may occur in the Linux kernel when a sas task is aborted by the upper layer before handling the I/O completion in mpi ssp completion() or mpi sata completion(). This happens because the upper layer may free the sas task after calling complete(), but the kernel still tries to access it in pm8001 ccb task free(). The issue is resolved by swapping the order of the complete() and pm8001 ccb task free() calls.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2024-07755

CVE-2022-48792

OPENSUSE-SU-2024_2947-1

OPENSUSE-SU-2024_2948-1

OPENSUSE-SU-2025_0898-1

OPENSUSE-SU-2025_0942-1

OPENSUSE-SU-2025_0943-1

OPENSUSE-SU-2025_0944-1

SUSE-SU-2024:2892-1

SUSE-SU-2024:2893-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2901-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2923-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2940-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:2948-1

SUSE-SU-2025:0892-1

SUSE-SU-2025:0893-1

SUSE-SU-2025:0898-1

SUSE-SU-2025:0904-1

SUSE-SU-2025:0908-1

SUSE-SU-2025:0942-1

SUSE-SU-2025:0943-1

SUSE-SU-2025:0944-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2022-7647 · Linux+3 · Linux Kernel+3

CVE-2022-48792

Weakness Enumeration

Related Identifiers

Affected Products

References · 1407