PT-2025-8104 · Linux+3 · Linux Kernel+3

Zhang Wensheng

·

Published

2022-03-05

·

Updated

2025-08-18

·

CVE-2022-49176

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.10.0-10295-g576c6382529e
Description A use-after-free issue has been identified in the Linux kernel, specifically in the bfq dispatch request function. This issue can be triggered during normal scsi-mq testing, as reported by KASAN. The problem arises when a request is dispatched after its associated memory has been freed, leading to a potential crash or other unintended behavior. The estimated number of potentially affected devices worldwide is not provided.
Recommendations To resolve this issue, update to a version of the Linux kernel that includes the fix for the bfq dispatch request use-after-free bug. As a temporary workaround, consider disabling the bfq dispatch request function until a patch is available. However, this may impact the performance and functionality of the system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-10588
CVE-2022-49176
LSN-0114-1
SUSE-SU-2025:01600-1
SUSE-SU-2025:1027-1
SUSE-SU-2025:1176-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1241-1
SUSE-SU-2025_01600-1
SUSE-SU-2025_1027-1
SUSE-SU-2025_1241-1
USN-7627-1
USN-7627-2

Affected Products

Astra Linux
Linux Kernel
Suse
Ubuntu