PT-2025-25921 · Linux+4 · Linux Kernel+4

Published 2022-08-28 · Updated 2025-07-28 · CVE-2022-49995

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A use-after-free issue occurs when a disk is removed and bdi_unregister() is called to stop further writeback and wait for associated delayed work to complete. The wb_inode_writeback_end() function may schedule bandwidth estimation dwork after this has completed, which can result in the timer attempting to access the just-freed bdi_writeback. This issue is resolved by checking whether the bdi_writeback is alive, similar to when scheduling writeback work, and switching wb->work_lock to an irqsafe lock.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2026-02028
CESA-2023_7077
CVE-2022-49995
RHSA-2023:2458
RHSA-2023:7077
RHSA-2023_2458
RHSA-2023_7077
RHSA-2024:0575
RHSA-2025:12525
RHSA-2025:12526
SUSE-SU-2025:02264-1
SUSE-SU-2025:02321-1
SUSE-SU-2025:02322-1
SUSE-SU-2025:02537-1
SUSE-SU-2025:2264-1
SUSE-SU-2025_02264-1
SUSE-SU-2025_02537-1

Affected Products

Astra Linux
CentOS
Linux Kernel
Red Hat
SUSE