CVE-2022-49127
Published: 26 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved:

ref_tracker: implement use-after-free detection

Whenever ref_tracker_dir_init() is called, mark the struct ref_tracker_dir as dead.

Test the dead status from ref_tracker_alloc() and ref_tracker_free().

This should detect buggy dev_put()/dev_hold() happening too late in netdevice dismantle process.
Security Summary
CVE-2022-49127 is a use-after-free vulnerability (CWE-416) in the Linux kernel's ref_tracker component. It arises from buggy dev_put() and dev_hold() operations occurring too late during the netdevice dismantle process. The affected software is the Linux kernel.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N), in an unchanged security scope (S:U). Successful exploitation can result in high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), yielding a CVSS v3.1 base score of 7.8.
Mitigation is provided through kernel patches that implement use-after-free detection in ref_tracker. These patches mark the struct ref_tracker_dir as dead upon ref_tracker_dir_init() and test the dead status in ref_tracker_alloc() and ref_tracker_free(). The fixes are available at https://git.kernel.org/stable/c/3743c9de303fa36c2e2ca2522ab280c52bcafbd2 and https://git.kernel.org/stable/c/e3ececfe668facd87d920b608349a32607060e66.
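The dead-flag check described above, as a simplified userspace model added here for illustration; it is not the kernel's ref_tracker code. The struct, the function names and the choice to set the flag at teardown are assumptions of this example.

```c
#include <stdbool.h>
#include <stdio.h>
/* Userspace model only: names are hypothetical, not the kernel's API. */
struct tracker_dir {
    bool dead;      /* set at teardown (assumption of this model) */
    int  live;      /* references currently held */
    int  late_ops;  /* hold/put calls seen after teardown */
};

static void dir_init(struct tracker_dir *d) { *d = (struct tracker_dir){0}; }
static void dir_exit(struct tracker_dir *d) { d->dead = true; }

/* Shared check for both paths: flag the late caller instead of staying silent. */
static bool dir_alive(struct tracker_dir *d, const char *op)
{
    if (!d->dead)
        return true;
    d->late_ops++;
    fprintf(stderr, "WARN: %s on dead tracker dir\n", op);
    return false;
}

static bool tracker_hold(struct tracker_dir *d)
{
    bool ok = dir_alive(d, "hold");
    if (ok) d->live++;
    return ok;
}

static bool tracker_put(struct tracker_dir *d)
{
    bool ok = dir_alive(d, "put") && d->live > 0;
    if (ok) d->live--;
    return ok;
}

/* Constructed scenario: balanced hold/put, then a put and a hold after teardown. */
static int late_ops_in_scenario(void)
{
    struct tracker_dir d;
    dir_init(&d);
    tracker_hold(&d);
    tracker_put(&d);
    dir_exit(&d);
    tracker_put(&d);   /* too late: detected */
    tracker_hold(&d);  /* too late: detected */
    return d.late_ops;
}
int main(void) { return late_ops_in_scenario() == 2 ? 0 : 1; }
```

Without the flag, both late calls in the scenario would pass silently; with it, each one is counted and reported at the call that misbehaved.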
Details
- CWE(s)