PT-2025-18616 · Linux+1 · Linux Kernel+1

Published: 2025-05-01 · Updated: 2025-05-02 · CVE-2022-49899

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A vulnerability in the Linux kernel has been resolved. The issue was related to the use of the keyrings subsystem for managing fscrypt master key structs. This approach led to several problems, including the inability to guarantee the destruction of master keys, potential deadlocks, and undesirable delays in key destruction. The vulnerability allowed for a use-after-free condition and made it difficult to ensure that all secrets were wiped. The fix involves changing the implementation to store master key structs in a regular kernel data structure and reworking the reference counting, locking, and lifetime accordingly.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2022-49899

Affected Products

Astra Linux
Linux Kernel