Use-after-free Vulnerability in Linux Kernel Binder Component
CVE-2022-49939

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 June 2025

What is CVE-2022-49939?

A use-after-free vulnerability exists in the Linux kernel's binder component due to a race condition during weak handle transactions. When a transaction of type BINDER_TYPE_WEAK_HANDLE fails to increment the reference for a node while the target process is concurrently closing, it can lead to a dangling pointer. Subsequently, if the process is released and attempts to lock a previously valid reference, it results in an unsafe memory access. This vulnerability could compromise the stability of the system and lead to unexpected behavior.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 229f47603dd306bc0eb1a831439adb8e48bb0eae

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 06e5b43ca4dab06a92bf4c2f33766e6fb11b880a

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 30d0901b307f27d36b2655fb3048cf31ee0e89c0

References

https://git.kernel.org/stable/c/229f47603dd306bc0eb1a8314...

https://git.kernel.org/stable/c/06e5b43ca4dab06a92bf4c2f3...

https://git.kernel.org/stable/c/30d0901b307f27d36b2655fb3...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2025
Vulnerability Reserved
May 1, 2025