CVE-2022-49541
Published: 26 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential double free during failed mount RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799
Security Summary
CVE-2022-49541 is a double-free vulnerability (CWE-415) in the Linux kernel's CIFS (Common Internet File System) implementation. It occurs during a failed mount operation, where improper memory handling can lead to a double free. The affected component is the cifs module within the Linux kernel, with the issue resolved via upstream patches.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low complexity (AC:L) and no user interaction required (UI:N), given local access (AV:L) to the system. Successful exploitation can result in high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), with an unchanged security scope (S:U), potentially allowing arbitrary code execution, denial of service, or data corruption via crafted mount operations. The CVSS v3.1 base score is 7.8 (High).
Mitigation involves applying the relevant upstream Linux kernel stable patches, as detailed in the commit references: 8378a51e3f8140f60901fb27208cc7a6e47047b5, 9a167fc440e5693c1cdd7f07071e05658bd9d89d, ce0008a0e410cdd95f0d8cd81b2902ec10a660c4, and ee71f8f1cd3c8c4a251fd3e8abc89215ae3457cb. Additional details are available in Red Hat Bugzilla entry 2088799. Security practitioners should ensure systems using CIFS mounts are updated to patched kernel versions.
Details
- CWE(s)