PT-2025-8133 · Linux+3 · Linux Kernel+3

Wang Yufen

Published

2022-03-15

Updated

2025-09-29

CVE-2022-49205

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been identified, related to the bpf and sockmap components. The issue occurs when the tcp bpf sendmsg() function is running during a tear-down operation, potentially causing the psock to be freed. This can lead to a double uncharge of the memory of sk msg, resulting in an error. The functions tcp bpf send verdict(), sk msg return(), and tcp bpf sendmsg redir() are involved in this process. If psock is null, returning an error code can trigger sk msg free nocharge in the error path of SK REDIRECT, affecting user-space behavior.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415CWE-19

Related Identifiers

ALSA-2025_16880

BDU:2026-03935

CVE-2022-49205

RHSA-2023:2458

RHSA-2023_2458

SUSE-SU-2025:01600-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1241-1

SUSE-SU-2025_01600-1

SUSE-SU-2025_1241-1

Affected Products

Astra Linux

Linux Kernel

Red Hat

Suse

PT-2025-8133 · Linux+3 · Linux Kernel+3

CVE-2022-49205

Weakness Enumeration

Related Identifiers

Affected Products

References · 1437