PT-2022-7690 · Linux+6 · Linux Kernel+6

Jann Horn

·

Published

2022-12-09

·

Updated

2025-09-29

·

CVE-2022-48988

CVSS v3.1

7.0

High

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 347c4a874710
Description The issue is related to a possible use-after-free in the memcg write event control() function. This function accesses the dentry->d name of the specified control file descriptor to route the write call. Prior to a specific commit, there was a call to file cft() that verified the file type before further accesses. However, this check was inadvertently dropped, allowing any file to be accessed and potentially causing use-after-free issues. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations To resolve the issue, apply the fix that resurrects the file type check in file cft(). This can be done by checking the superblock and dentry type, as the cgroupfs is now implemented through kernfs. For Linux kernel versions prior to 347c4a874710, update to a version that includes the fix for the memcg write event control() function.

Exploit

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025_16880
ALT-PU-2023-1066
BDU:2024-10099
CESA-2023_7077
CVE-2022-48988
OESA-2024-2322
OESA-2024-2324
OPENSUSE-SU-2024_3983-1
OPENSUSE-SU-2024_3985-1
OPENSUSE-SU-2024_4131-1
OPENSUSE-SU-2024_4140-1
RHSA-2023:6583
RHSA-2023:7077
RHSA-2023_6583
RHSA-2023_7077
SUSE-SU-2024:3983-1
SUSE-SU-2024:3985-1
SUSE-SU-2024:4081-1
SUSE-SU-2024:4082-1
SUSE-SU-2024:4100-1
SUSE-SU-2024:4103-1
SUSE-SU-2024:4131-1
SUSE-SU-2024:4140-1
SUSE-SU-2024:4364-1
SUSE-SU-2025:0034-1

Affected Products

Alt Linux
Astra Linux
Centos
Linux Kernel
Red Hat
Red Os
Suse