Use-After-Free Vulnerability in Linux Kernel Related to fsl_mc_bus Device Management
CVE-2022-49711

7.8 HIGH

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 26 February 2025

What is CVE-2022-49711?

A use-after-free vulnerability has been identified in the Linux kernel's fsl-mc-bus device management code. In fsl_mc_bus_remove(), mc->root_mc_bus_dev is freed by fsl_mc_device_remove(), yet the function then accesses mc->root_mc_bus_dev->mc_io, reading from memory that has already been released and potentially leading to memory corruption. The fix stores mc->root_mc_bus_dev->mc_io in a temporary variable before the device is removed and passes that variable to fsl_destroy_mc_io(), so the freed device is never dereferenced. The current patch needs to be adapted for use in kernel versions older than 5.15.
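The ordering problem described above, as an added userspace model (not kernel source and not the upstream patch). The struct and function names follow the advisory; their bodies, the static slots and the stale_reads counter are assumptions made so the stale access can be counted without real undefined behaviour.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of the ordering bug. Names follow the advisory; the bodies
 * are simplified stand-ins (assumptions), not kernel source. */
struct fsl_mc_io { bool destroyed; };
struct fsl_mc_device { bool freed; struct fsl_mc_io *mc_io; };
struct fsl_mc { struct fsl_mc_device *root_mc_bus_dev; };
/* Static slots keep the "freed" state inspectable without real undefined behaviour. */
static struct fsl_mc_io io_slot;
static struct fsl_mc_device dev_slot;
static int stale_reads; /* reads of mc_io through an already-freed device */

static void fsl_mc_device_remove(struct fsl_mc_device *dev)
{
    dev->freed = true;  /* models the device being deallocated */
    dev->mc_io = NULL;  /* models the memory no longer holding valid data */
}
static void fsl_destroy_mc_io(struct fsl_mc_io *io) { if (io) io->destroyed = true; }
/* Checked accessor: counts any read of mc_io via a freed device. */
static struct fsl_mc_io *dev_mc_io(struct fsl_mc_device *dev)
{
    if (dev->freed) stale_reads++;
    return dev->mc_io;
}
static void setup(struct fsl_mc *mc)
{
    io_slot = (struct fsl_mc_io){ .destroyed = false };
    dev_slot = (struct fsl_mc_device){ .freed = false, .mc_io = &io_slot };
    mc->root_mc_bus_dev = &dev_slot;
    stale_reads = 0;
}
/* Pre-fix order: the device is removed, then mc_io is read through it. */
int remove_before_fix(void)
{
    struct fsl_mc mc; setup(&mc);
    fsl_mc_device_remove(mc.root_mc_bus_dev);
    fsl_destroy_mc_io(dev_mc_io(mc.root_mc_bus_dev));
    return stale_reads;
}
/* Patched order: mc_io is saved in a temporary before the device is removed. */
int remove_after_fix(void)
{
    struct fsl_mc mc; setup(&mc);
    struct fsl_mc_io *mc_io = dev_mc_io(mc.root_mc_bus_dev);
    fsl_mc_device_remove(mc.root_mc_bus_dev);
    fsl_destroy_mc_io(mc_io);
    return stale_reads;
}
int main(void) { printf("%d %d\n", remove_before_fix(), remove_after_fix()); return 0; }
```

In the model the pre-fix order also leaves the mc_io object undestroyed, because the pointer read through the removed device is no longer valid; in a real kernel the same read returns whatever the freed memory holds.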

Affected Version(s)

Linux f93627146f0e371093966ed3d44c065aa077cfb1 < 720ab105df7bf3eee62d2bddd41526b29d07d045

Linux f93627146f0e371093966ed3d44c065aa077cfb1

Linux f93627146f0e371093966ed3d44c065aa077cfb1 < 161b68b0a728377aaa10a8e14c70e7734f3c9ff7

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved