PT-2025-8341 · Linux+2 · Linux Kernel+2

Alexander Aring

Published

2022-04-06

Updated

2025-04-16

CVE-2022-49407

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.0+

Description The issue is related to an invalid read in the Linux kernel's dlm module. This occurs when a struct plock op is allocated and appended to a global send list data structure, and then moved to recv list by dev read(). If dev write() casts it to struct plock xop and accesses fields only available in struct plock xop, an invalid read happens. The problem is fixed by moving the callback field to struct plock op to indicate that a cast to plock xop is allowed.

Recommendations To fix this issue, update to a version of the Linux kernel that includes the patch for this problem. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2026-03862

CVE-2022-49407

OESA-2025-1370

RHSA-2025:10174

RHSA-2025:10193

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1293-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1293-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2025-8341 · Linux+2 · Linux Kernel+2

CVE-2022-49407

Weakness Enumeration

Related Identifiers

Affected Products

References · 1519