vulnerability

Debian: CVE-2022-49388: linux -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Feb 27, 2025	Feb 27, 2025	Mar 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Feb 27, 2025

Added

Feb 27, 2025

Modified

Mar 10, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ubi: ubi_create_volume: Fix use-after-free when volume creation failed

There is an use-after-free problem for 'eba_tbl' in ubi_create_volume()'s
error handling path:

ubi_eba_replace_table(vol, eba_tbl)
vol->eba_tbl = tbl
out_mapping:
ubi_eba_destroy_table(eba_tbl) // Free 'eba_tbl'
out_unlock:
put_device(&vol->dev)
vol_release
kfree(tbl->entries) // UAF

Fix it by removing redundant 'eba_tbl' releasing.
Fetch a reproducer in [Link].

Solution

debian-upgrade-linux

References

CVE-2022-49388
https://attackerkb.com/topics/CVE-2022-49388

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today