CVE-2022-49892

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.10.0

Description A use-after-free issue has been identified in the Linux kernel, specifically in the ftrace subsystem. This issue occurs when the ftrace shutdown() function is called, and the FTRACE UPDATE CALLS command is not set due to another enabled operation with the same content. As a result, the ftrace shutdown() function skips the RCU synchronization, leading to a potential use-after-free scenario. The issue was reported by KASAN, which detected a use-after-free in the ftrace ops list func() function.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this problem. For Linux kernel version 5.10.0, consider disabling the ftrace ops list func() function as a temporary workaround until a patch is available. Restrict access to the ftrace subsystem to minimize the risk of exploitation.