PT-2025-8446 · Linux+5 · Linux Kernel+5

Published

2022-01-01

·

Updated

2026-03-14

·

CVE-2022-49513

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the version that includes the fix for the issue described.
Description A vulnerability in the Linux kernel has been resolved. The issue was related to the struct dbs data, which embeds a struct gov attr set that contains a kobject. The kobject requires a release() method for proper freeing, and the introduction of cpufreq dbs data release() addresses this by releasing the dbs data via the kobject::release() method. This fix resolves a call trace issue that occurred when attempting to free an active object.
Recommendations For Linux kernel versions prior to the fixed version, consider applying the patch that introduces the cpufreq dbs data release() function to properly release the dbs data via the kobject::release() method. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-371

Related Identifiers

ALSA-2025_16880
BDU:2026-03682
CESA-2023_2951
CVE-2022-49513
OESA-2025-1317
OESA-2025-1409
OESA-2025-1410
RHSA-2023:2458
RHSA-2023:2951
RHSA-2023_2458
RHSA-2023_2951
SUSE-SU-2025:1293-1
SUSE-SU-2025_1293-1

Affected Products

Astra Linux
Centos
Debian
Linux Kernel
Red Hat
Suse