Use-After-Free Vulnerability in Linux Kernel's BFQ Scheduler
CVE-2022-50329

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
15 September 2025

What is CVE-2022-50329?

A use-after-free vulnerability was identified in the BFQ (Budget Fair Queueing) scheduler within the Linux kernel. The issue arises during the handling of BFQ queues, where a race condition can lead to accessing freed memory. Specifically, the function 'bic_set_bfqq()' may attempt to use the 'bfqq' structure after it has been released by 'bfq_exit_icq_bfqq()', potentially allowing an attacker to manipulate memory and execute arbitrary code. This defect emphasizes the critical importance of proper memory management practices within the kernel.

Affected Version(s)

Linux 5533742c7cb1bc9b1f0bf401cc397d44a3a9e07a < 1425f1bb5df5239021fd09ebc2a5e8070e705d36

Linux 094f3d9314d67691cb21ba091c1b528f6e3c4893 < 7949b0df3dd9f4817ed4a4e989fa9ee81df6205f

Linux b22fd72bfebda3956efc4431b60ddfc0a51e03e0

References

https://git.kernel.org/stable/c/1425f1bb5df5239021fd09ebc...
https://git.kernel.org/stable/c/7949b0df3dd9f4817ed4a4e98...
https://git.kernel.org/stable/c/cfe5b38c37720313eff0dec55...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-50329 : Use-After-Free Vulnerability in Linux Kernel's BFQ Scheduler