PT-2025-37631 · Linux+3 · Linux Kernel+3

Published

2022-12-26

Updated

2026-02-13

CVE-2022-50329

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free issue within the block, bfq subsystem, specifically related to bfqq in the bfq exit icq bfqq function. The commit 64dc8c732f5c addresses this by reordering function calls to ensure bfq exit bfqq is executed after bic set bfqq. Previously, bfq exit icq bfqq could free memory associated with bfqq before bic set bfqq accessed it, leading to a use-after-free condition. The vulnerable code path involves accessing bic->bfqq within the bic set bfqq function after the bfqq structure has been freed by bfq exit icq bfqq.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2026-02049

CVE-2022-50329

RHSA-2023:6583

SUSE-SU-2025:03615-1

SUSE-SU-2025:03628-1

SUSE-SU-2025:3716-1

SUSE-SU-2025:3761-1

SUSE-SU-2026:0475-1

SUSE-SU-2026:0495-1

Affected Products

Astra Linux

Linux Kernel

Red Hat

Suse

PT-2025-37631 · Linux+3 · Linux Kernel+3

CVE-2022-50329

Weakness Enumeration

Related Identifiers

Affected Products

References · 912