PT-2025-8619 · Linux+2 · Linux Kernel+2

Dan Vacura

Published

2022-06-21

Updated

2025-04-14

CVE-2022-49686

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A panic can occur in the Linux kernel due to a list double add issue in the uvcg video pump function. This happens when the endpoint becomes disabled and the uvcg video pump adds the request back to the req free list after it has already been queued to the endpoint. The endpoint complete will add the request back to the req free list, causing the issue. The problem is resolved by invalidating the local request handle once it's been queued.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-415

Related Identifiers

BDU:2026-03878

CVE-2022-49686

SUSE-SU-2025:1176-1

SUSE-SU-2025:1241-1

SUSE-SU-2025_1241-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2025-8619 · Linux+2 · Linux Kernel+2

CVE-2022-49686

Weakness Enumeration

Related Identifiers

Affected Products

References · 1301