PT-2025-8311 · Linux+2 · Linux Kernel+2

Ming Lei

Published

2022-05-23

Updated

2025-08-29

CVE-2022-49377

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue in the Linux kernel has been resolved. The problem occurred in the blk-mq component, specifically in the blk mq run hw queues() function, which could be executed when there were no queued requests and after the queue was cleaned up. At this point, the tagset is freed because its lifetime is managed by the driver and is often released after blk cleanup queue() returns. To avoid this issue, the kernel no longer accesses the ->tagset to determine the current default hctx by using the mapping built into the request queue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-10579

CVE-2022-49377

OESA-2025-2081

OESA-2025-2082

RHSA-2025:10174

RHSA-2025:10193

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1241-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2025-8311 · Linux+2 · Linux Kernel+2

CVE-2022-49377

Weakness Enumeration

Related Identifiers

Affected Products

References · 1363