CVE-2022-49651
Published: 26 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved:

srcu: Tighten cleanup_srcu_struct() GP checks

Currently, cleanup_srcu_struct() checks for a grace period in progress, but it does not check for a grace period that has not yet started but which might start at any time. Such a situation could result in a use-after-free bug, so this commit adds a check for a grace period that is needed but not yet started to cleanup_srcu_struct().
Security Summary
CVE-2022-49651 is a use-after-free vulnerability (CWE-416) in the Linux kernel's SRCU (Sleepable Read-Copy Update) implementation. cleanup_srcu_struct() is called to tear down an srcu_struct and release its backing state. Before the fix it refused to proceed only if a grace period was already in progress; it did not consider a grace period that had been requested (for example by a pending call_srcu() callback) but had not yet started. If cleanup went ahead in that window, the grace period could start afterwards and operate on memory that had already been freed. The entry carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). No affected version range is listed here; kernels that do not carry the fix commits referenced below should be treated as affected.
The CVSS vector characterises the issue as locally exploitable by a low-privileged user with no user interaction, and a use-after-free in kernel context can in principle lead to kernel memory corruption, privilege escalation, or a crash (high confidentiality, integrity, and availability impact). The page gives no public exploit, however, and the bug is a race: an attacker would have to drive some subsystem's srcu_struct teardown path at the same moment a grace period is needed but not yet started. Practical exploitability therefore depends on which teardown paths an unprivileged user can reach and time, and the vector should be read as an upper bound rather than evidence of a working exploit.
The references point to the kernel commits that resolve the issue: https://git.kernel.org/stable/c/8ed00760203d8018bee042fbfe8e076579be2c2b and https://git.kernel.org/stable/c/e997dda6502eefbc1032d6b0da7b353c53344b07. They tighten the grace-period checks in cleanup_srcu_struct() by also refusing to tear the structure down when a grace period is needed but not yet started, so the memory stays alive until the caller has really stopped using it. Practitioners should confirm that the running kernel includes one of these commits (via the distribution's changelog or the stable backport) rather than relying on a version number alone, since the fix was backported to several stable series.
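The check described above, reduced to a user-space model so the race can be run both ways. This is an added example and not the kernel's code: the struct and function names (srcu_model, race_outcome, and friends) are hypothetical, only the sequence-counter layout (low two bits hold the grace-period state, the rest is a counter, as in the kernel's rcu_seq helpers) is borrowed, and the "worker" that starts a requested grace period is a one-function stand-in for the deferred work the kernel uses. The model runs the scenario once with a check that looks only for an in-progress grace period and once with the tightened check that also compares the current sequence against the requested one.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Sequence-counter layout borrowed from the kernel's rcu_seq helpers:
 * the low 2 bits hold the grace-period state, the rest is a counter. */
#define RCU_SEQ_CTR_SHIFT   2
#define RCU_SEQ_STATE_MASK  ((1UL << RCU_SEQ_CTR_SHIFT) - 1)
#define SRCU_STATE_IDLE     0

/* Hypothetical, heavily reduced stand-in for struct srcu_struct. */
struct srcu_model {
	unsigned long gp_seq;        /* current grace period: counter | state */
	unsigned long gp_seq_needed; /* latest grace period a caller asked for */
	int *per_cpu_data;           /* stands in for the per-CPU state cleanup frees */
};

static unsigned long rcu_seq_state(unsigned long s)
{
	return s & RCU_SEQ_STATE_MASK;
}

static unsigned long rcu_seq_current(const unsigned long *sp)
{
	return *sp & ~RCU_SEQ_STATE_MASK;
}

/* Sequence number a new request must wait for: the next grace period,
 * or the one after it if one is already in progress. */
static unsigned long rcu_seq_snap(const unsigned long *sp)
{
	return (*sp + 2 * RCU_SEQ_STATE_MASK + 1) & ~RCU_SEQ_STATE_MASK;
}

static void srcu_model_init(struct srcu_model *m)
{
	m->gp_seq = 0;
	m->gp_seq_needed = 0;
	m->per_cpu_data = calloc(4, sizeof(int));
	if (!m->per_cpu_data)
		abort();
}

/* A caller (think call_srcu()) records that a grace period is needed.
 * The grace period itself is started later by deferred work. */
static void srcu_model_request_gp(struct srcu_model *m)
{
	unsigned long s = rcu_seq_snap(&m->gp_seq);

	if (m->gp_seq_needed < s)
		m->gp_seq_needed = s;
}

/* Teardown. The pre-fix check looked only at the in-progress state; the
 * tightened check also refuses when a grace period has been requested but
 * not started (gp_seq_needed is ahead of the current sequence).
 * Returns true if the backing storage was released. */
static bool srcu_model_cleanup(struct srcu_model *m, bool tightened)
{
	bool quiescent = rcu_seq_state(m->gp_seq) == SRCU_STATE_IDLE;

	if (tightened)
		quiescent = quiescent &&
			    rcu_seq_current(&m->gp_seq) == m->gp_seq_needed;
	if (!quiescent)
		return false; /* keep the structure alive; caller must stop using it */
	free(m->per_cpu_data);
	m->per_cpu_data = NULL;
	return true;
}

/* Deferred worker that starts and completes the requested grace period.
 * Returns 0 on success, -1 if it would have touched freed memory. */
static int srcu_model_gp_worker(struct srcu_model *m)
{
	if (rcu_seq_current(&m->gp_seq) == m->gp_seq_needed)
		return 0; /* nothing requested */
	if (!m->per_cpu_data)
		return -1; /* in the kernel: use-after-free of the per-CPU state */
	m->gp_seq++;                                      /* start: IDLE -> scanning */
	m->per_cpu_data[0]++;                             /* scan per-CPU counters */
	m->gp_seq = (m->gp_seq | RCU_SEQ_STATE_MASK) + 1; /* end: back to IDLE */
	return 0;
}

/* The race from the advisory: a grace period is requested, cleanup runs
 * before the worker, then the worker finally runs. */
static int race_outcome(bool tightened)
{
	struct srcu_model m;
	int rc;

	srcu_model_init(&m);
	srcu_model_request_gp(&m);
	srcu_model_cleanup(&m, tightened);
	rc = srcu_model_gp_worker(&m);
	free(m.per_cpu_data); /* free(NULL) is a no-op */
	return rc;
}

int main(void)
{
	printf("pre-fix check:   worker result %d\n", race_outcome(false));
	printf("tightened check: worker result %d\n", race_outcome(true));
	return 0;
}
```

With the pre-fix check the structure is idle at the moment of teardown, so the storage is freed and the worker later returns -1 (the kernel would dereference freed memory). With the tightened check the mismatch between gp_seq and gp_seq_needed keeps the storage alive, the worker completes the grace period, and only then is the structure safe to release.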
Details
- CWE(s)