PT-2025-8322 · Linux+2 · Linux Kernel+2

Zhihao Cheng · Published 2022-05-27 · Updated 2025-04-16 · CVE-2022-49388

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A use-after-free issue exists in the Linux kernel, specifically in the ubi_create_volume() function. The problem arises when volume creation fails, and there is an attempt to access the eba_tbl after it has been freed. This occurs due to redundant releasing of eba_tbl. The issue is related to the ubi_eba_replace_table() and ubi_eba_destroy_table() functions, and the tbl->entries are freed after the eba_tbl has been destroyed, leading to a use-after-free condition.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2025-10578
CVE-2022-49388
OESA-2025-1336
SUSE-SU-2025:1293-1
SUSE-SU-2025_1293-1

Affected Products

Astra Linux
Linux Kernel
Suse