PT-2025-8345 · Linux+2 · Linux Kernel+2

Jan Kara +1 · Published 2025-02-26 · Updated 2025-05-20 · CVE-2022-49411

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A use-after-free issue was found in the Linux kernel's BFQ IO scheduler. It occurs when a bio is associated with a cgroup that has already been offlined, which leads to a bfq group being inserted into a service tree. Once the last bio associated with this bfq group is completed, the bfq group is freed, causing issues for service tree users. The problem is resolved by ensuring that operations are performed only on online bfq group instances: if the associated bfq group is not online, the first online parent is selected instead.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2022-49411
OPENSUSE-SU-2025_1263-1
RHSA-2022:8267
SUSE-SU-2025:01600-1
SUSE-SU-2025:1027-1
SUSE-SU-2025:1176-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1194-1
SUSE-SU-2025:1241-1
SUSE-SU-2025:1263-1
SUSE-SU-2025_01600-1
SUSE-SU-2025_1027-1
SUSE-SU-2025_1241-1
SUSE-SU-2025_1263-1

Affected Products

Astra Linux
Linux Kernel
Suse