Use After Free Vulnerability in Linux Kernel Network Scheduler
CVE-2022-49921

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 May 2025

What is CVE-2022-49921?

A use after free vulnerability exists in the Linux kernel's network scheduler due to improper management of socket buffers (skb) during the enqueueing process. Specifically, after a socket buffer is passed to the qdisc_enqueue, it should not be accessed again, as this can lead to memory corruption and potential system instability. This flaw has been addressed in recent kernel updates, emphasizing the importance of timely patches and updates to maintain system security.

Affected Version(s)

Linux d7f4f332f082c4d4ba53582f902ed6b44fd6f45e < 795afe0b9bb6c915f0299a8e309936519be01619

Linux d7f4f332f082c4d4ba53582f902ed6b44fd6f45e

References

https://git.kernel.org/stable/c/795afe0b9bb6c915f0299a8e3...

https://git.kernel.org/stable/c/a238cdcf2bdc72207c74375fc...

https://git.kernel.org/stable/c/e877f8fa49fbccc63cb2df2e9...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2025
Vulnerability Reserved
May 1, 2025