PT-2025-8013 · Linux+3 · Linux Kernel+3

Published: 2022-04-06 · Updated: 2025-05-22 · CVE-2022-49085

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A use-after-free bug has been identified in the Linux kernel, in the get_initial_state function of the drbd module. When notify_initial_state_done fails, the skb is freed, and get_initial_state then uses the freed skb, which is a use after free. Four more use-after-free bugs can occur through the same problem in the notify_*_state_change and notify_*_state calls. The bug is resolved by modifying notify_initial_state_done and the notify_*_state_change functions to return an error code if errors happen, so that the error codes are propagated and the use-after-free bugs are avoided.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
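
An added example, not code from this advisory or from the kernel: a userspace C model of the pattern in the description, where a callee frees the buffer on failure and the caller keeps using it unless an error code is propagated. All names (struct msg, notify_done_*, dump_*) and the error code are assumptions of the model, and freeing is modelled by a flag so the stale read can be counted.

```c
#include <errno.h>
#include <stdio.h>
/* Userspace stand-in for the skb: "freeing" only sets a flag so a stale read can be counted. */
struct msg { int len; int freed; int stale_reads; };

static void msg_free(struct msg *m) { m->freed = 1; }
static int msg_len(struct msg *m)
{
    m->stale_reads += m->freed; /* in the kernel, this read is the use after free */
    return m->len;
}

/* Before the fix: the callee frees the buffer on failure and returns nothing. */
static void notify_done_unfixed(struct msg *m, int put_fails)
{
    if (put_fails)
        msg_free(m);
}

/* After the fix: failure is reported to the caller (error code is this model's assumption). */
static int notify_done_fixed(struct msg *m, int put_fails)
{
    if (!put_fails)
        return 0;
    msg_free(m);
    return -EMSGSIZE;
}

/* Caller before the fix: cannot see the failure, reads the length anyway. */
int dump_unfixed(struct msg *m, int put_fails)
{
    notify_done_unfixed(m, put_fails);
    return msg_len(m);
}

/* Caller after the fix: propagates the error and never touches m again. */
int dump_fixed(struct msg *m, int put_fails)
{
    int err = notify_done_fixed(m, put_fails);
    return err ? err : msg_len(m);
}

int main(void)
{
    struct msg a = { 64, 0, 0 }, b = { 64, 0, 0 }; /* constructed sample buffers */
    int ra = dump_unfixed(&a, 1), rb = dump_fixed(&b, 1);
    printf("unfixed: ret=%d stale=%d | fixed: ret=%d stale=%d\n", ra, a.stale_reads, rb, b.stale_reads);
    return 0;
}
```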

Exploit

Use After Free


Weakness Enumeration

Related Identifiers

BDU:2025-06573
CVE-2022-49085
OESA-2025-1408
OPENSUSE-SU-2025_1263-1
SUSE-SU-2025:1027-1
SUSE-SU-2025:1176-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1194-1
SUSE-SU-2025:1241-1
SUSE-SU-2025:1263-1
SUSE-SU-2025:1293-1
SUSE-SU-2025_1027-1
SUSE-SU-2025_1241-1
SUSE-SU-2025_1263-1
SUSE-SU-2025_1293-1

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse