PT-2025-8633 · Linux+4 · Linux Kernel+4

Jann Horn

Published

2022-06-13

Updated

2025-04-15

CVE-2022-49700

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been identified, related to the slab allocation mechanism. The issue arises from a race condition between slab allocation and deallocation, which can lead to state inconsistency and potentially cause an object to be lost or freed onto the wrong slab's freelist. This inconsistency can result in the inuse counter being messed up, eventually causing a page to be freed to the page allocator while it still contains slab objects. The vulnerability is based on a complex sequence of operations, including the fastpath in slab alloc node() and the slab alloc() function, where the TID is not updated when deactivating the CPU slab.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415CWE-833CWE-416

Related Identifiers

BDU:2025-04416

BDU:2025-04558

BDU:2025-05058

CESA-2024_3138

CVE-2022-49700

OPENSUSE-SU-2025_1263-1

RHSA-2023:2458

RHSA-2023_2458

RHSA-2024:3138

RHSA-2024_3138

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1263-1

Affected Products

Astra Linux

Centos

Linux Kernel

Red Hat

Suse

PT-2025-8633 · Linux+4 · Linux Kernel+4

CVE-2022-49700

Weakness Enumeration

Related Identifiers

Affected Products

References · 1387