CVE-2022-49168

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A issue in the Linux kernel has been identified, specifically in the btrfs component. The problem arises when the submit helper fails to submit a bio, leading to potential use-after-free and NULL pointer dereference bugs due to a race condition with the endio function. This occurs because the bio is cleaned up prematurely. To address this, the repair function will continue processing the remaining pages and rely on the endio for the repair bio to handle the cleanup for the given page.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

AZL-59135

BDU:2025-10263

CVE-2022-49168

SUSE-SU-2025:01983-1

SUSE-SU-2025_01983-1

USN-7654-1

USN-7654-2

USN-7654-3

USN-7654-4

USN-7654-5

USN-7655-1

USN-7686-1

USN-7711-1

USN-7712-1

USN-7712-2

Affected Products

Debian

Linuxmint

Linux Kernel

Suse

Ubuntu

CVE-2022-49168

Weakness Enumeration

Related Identifiers

Affected Products

References · 642