PT-2025-8344 · Linux+2 · Linux Kernel+2

Keita Suzuki

Published

2025-02-26

Updated

2025-04-15

CVE-2022-49410

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A potential double free issue in the Linux kernel has been identified. The problem occurs in the create var ref() function, where init var ref() is called to initialize fields of ref field, which is allocated in create hist field(). If an error is encountered, init var ref() frees the corresponding fields, but the caller later calls destroy hist field() to handle the error, resulting in a double free of the fields.

Recommendations To resolve this issue, store NULL to the corresponding fields when they are freed in init var ref().

Exploit

Fix

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

CVE-2022-49410

OPENSUSE-SU-2025_1263-1

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1263-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2025-8344 · Linux+2 · Linux Kernel+2

CVE-2022-49410

Weakness Enumeration

Related Identifiers

Affected Products

References · 1344