Use-After-Free Vulnerability in Linux Kernel Affecting Dynamic ftrace Operations
CVE-2022-49892

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 May 2025

Summary

A use-after-free vulnerability was identified in the Linux kernel's handling of dynamic ftrace operations. This flaw arises when two operations with identical content are registered successively. Upon unregistering the second operation, the expected synchronization steps are bypassed, potentially allowing another CPU to access released memory. This could lead to unintended behavior or access violations. The issue has been mitigated by adding the necessary synchronization mechanisms during the ftrace shutdown process.

Affected Version(s)

Linux edb096e00724f02db5f6ec7900f3bbd465c6c76f

Linux edb096e00724f02db5f6ec7900f3bbd465c6c76f < 88561a66777e7a2fe06638c6dcb22a9fae0b6733

Linux edb096e00724f02db5f6ec7900f3bbd465c6c76f

References

https://git.kernel.org/stable/c/ea5f2fd4640ecbb9df969bf8b...

https://git.kernel.org/stable/c/88561a66777e7a2fe06638c6d...

https://git.kernel.org/stable/c/cc1b9961a0ceb70f6ca4e2f4b...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 1, 2025
Vulnerability Reserved
May 1, 2025