CVE-2022-49388

In the Linux kernel, the following vulnerability has been resolved: ubi: ubi_create_volume: Fix use-after-free when volume creation failed There is an use-after-free problem for 'eba_tbl' in ubi_create_volume()'s error handling path: ubi_eba_replace_table(vol, eba_tbl) vol->eba_tbl = tbl out_mapping: ubi_eba_destroy_table(eba_tbl) // Free 'eba_tbl' out_unlock: put_device(&vol->dev) vol_release kfree(tbl->entries) // UAF Fix it by removing redundant 'eba_tbl' releasing. Fetch a reproducer in [Link].

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1174ab8ba36a48025b68b5ff1085000b1e510217	Patch
https://git.kernel.org/stable/c/25ff1e3a1351c0d936dd1ac2f9e58231ea1510c9	Patch
https://git.kernel.org/stable/c/5ff2514e4fb55dcf3d88294686040ca73ea0c1a2	Patch
https://git.kernel.org/stable/c/6d8d3f68cbecfd31925796f0fb668eb21ab06734	Patch
https://git.kernel.org/stable/c/8302620aeb940f386817321d272b12411ae7d39f	Patch
https://git.kernel.org/stable/c/8c03a1c21d72210f81cb369cc528e3fde4b45411	Patch
https://git.kernel.org/stable/c/abb67043060f2bf4c03d7c3debb9ae980e2b6db3	Patch
https://git.kernel.org/stable/c/e27ecf325e51abd06aaefba57a6322a46fa4178b	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2025-02-26 07:01

Updated : 2025-03-25 14:59

NVD link : CVE-2022-49388

Mitre link : CVE-2022-49388

CVE.ORG link : CVE-2022-49388

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

{"id": "CVE-2022-49388", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:01:15.430", "references": [{"url": "https://git.kernel.org/stable/c/1174ab8ba36a48025b68b5ff1085000b1e510217", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/25ff1e3a1351c0d936dd1ac2f9e58231ea1510c9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5ff2514e4fb55dcf3d88294686040ca73ea0c1a2", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6d8d3f68cbecfd31925796f0fb668eb21ab06734", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8302620aeb940f386817321d272b12411ae7d39f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8c03a1c21d72210f81cb369cc528e3fde4b45411", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/abb67043060f2bf4c03d7c3debb9ae980e2b6db3", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e27ecf325e51abd06aaefba57a6322a46fa4178b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubi: ubi_create_volume: Fix use-after-free when volume creation failed\n\nThere is an use-after-free problem for 'eba_tbl' in ubi_create_volume()'s\nerror handling path:\n\n ubi_eba_replace_table(vol, eba_tbl)\n vol->eba_tbl = tbl\nout_mapping:\n ubi_eba_destroy_table(eba_tbl) // Free 'eba_tbl'\nout_unlock:\n put_device(&vol->dev)\n vol_release\n kfree(tbl->entries)\t // UAF\n\nFix it by removing redundant 'eba_tbl' releasing.\nFetch a reproducer in [Link]."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ubi: ubi_create_volume: Se corrige el problema de use-after-free cuando falla la creaci\u00f3n del volumen Hay un problema de use-after-free para 'eba_tbl' en la ruta de gesti\u00f3n de errores de ubi_create_volume(): ubi_eba_replace_table(vol, eba_tbl) vol->eba_tbl = tbl out_mapping: ubi_eba_destroy_table(eba_tbl) // Libera 'eba_tbl' out_unlock: put_device(&vol->dev) vol_release kfree(tbl->entries) // UAF Arr\u00e9glalo eliminando la liberaci\u00f3n redundante de 'eba_tbl'. Obt\u00e9n un reproductor en [Enlace]."}], "lastModified": "2025-03-25T14:59:13.997", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1826012-E991-4F57-B5A8-B3B6949796C0", "versionEndExcluding": "4.14.283", "versionStartIncluding": "4.12"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8CFA0F4-2D75-41F4-9753-87944A08B53B", "versionEndExcluding": "4.19.247", "versionStartIncluding": "4.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EC49633-14DE-4EBD-BB80-76AE2E3EABB9", "versionEndExcluding": "5.4.198", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B42AA01-44D8-4572-95E6-FF8E374CF9C5", "versionEndExcluding": "5.10.122", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC042EE3-4864-4325-BE0B-4BCDBF11AA61", "versionEndExcluding": "5.15.47", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53E7AA2E-2FB4-45CA-A22B-08B4EDBB51AD", "versionEndExcluding": "5.17.15", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6D643C-6D6A-4821-8A8D-B5776B8F0103", "versionEndExcluding": "5.18.4", "versionStartIncluding": "5.18"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}