PT-2025-8580 · Linux+4 · Linux Kernel+4

Mukesh Ojha

Published

2022-06-16

Updated

2025-06-06

CVE-2022-49647

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved. The issue occurs when tasks are moved across cgroups during migration, and some tasks are involved in identity noop migrations while others are actually moving across cgroups. This can lead to a use-after-free scenario, causing the cset to be destroyed if all tasks leave it before the migration finishes. The problem is caused by overloading cset->mg preload node for both src and dst preload lists.

Recommendations To resolve this issue, apply the patch that separates out cset->mg preload node into ->mg src preload node and ->mg dst preload node, ensuring that the src and dst preloadings do not interfere with each other. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415CWE-416

Related Identifiers

BDU:2025-04335

CESA-2023_7077

CVE-2022-49647

OESA-2025-1465

OESA-2025-1593

OESA-2025-1597

OPENSUSE-SU-2025_1263-1

RHSA-2023:2458

RHSA-2023:7077

RHSA-2023_2458

RHSA-2023_7077

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025:1293-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1263-1

SUSE-SU-2025_1293-1

Affected Products

Astra Linux

Centos

Linux Kernel

Red Hat

Suse

PT-2025-8580 · Linux+4 · Linux Kernel+4

CVE-2022-49647

Weakness Enumeration

Related Identifiers

Affected Products

References · 1543