PT-2025-8010 · Linux+3 · Linux Kernel+3

Damien Le Moal

Published

2022-03-29

Updated

2025-05-22

CVE-2022-49082

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17.0-rc8+

Description A use-after-free issue has been identified in the Linux kernel, specifically in the mpt3sas driver. The function mpt3sas transport port remove() frees the port field of the sas expander structure, leading to a use-after-free error when the ioc info() call is executed. This issue can be triggered when removing the driver module, such as during rmmod. The error is detected by KASAN, which reports a read of size 1 at an address that has already been freed.

Recommendations For Linux kernel versions prior to 5.17.0-rc8+, introduce a local variable port id to store the port ID value before executing mpt3sas transport port remove(). Then, use this local variable in the call to ioc info() instead of dereferencing the freed port structure.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-06551

CVE-2022-49082

OPENSUSE-SU-2025_1263-1

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1263-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2025-8010 · Linux+3 · Linux Kernel+3

CVE-2022-49082

Weakness Enumeration

Related Identifiers

Affected Products

References · 1355