vulnerability

Red Hat: CVE-2022-49410: kernel: tracing: Fix potential double free in create_var_ref()

Name: Red Hat: CVE-2022-49410: kernel: tracing: Fix potential double free in create_var_ref()
Creator: Red Hat
Published: 2025-02-26T00:00:00.000Z
Keywords: CVE, Red Hat, 2022, 49410, kernel, no-fix-redhat-rpm-package, Severity 7

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

Feb 26, 2025

Added

Jul 9, 2025

Modified

Jul 10, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix potential double free in create_var_ref()

In create_var_ref(), init_var_ref() is called to initialize the fields
of variable ref_field, which is allocated in the previous function call
to create_hist_field(). Function init_var_ref() allocates the
corresponding fields such as ref_field->system, but frees these fields
when the function encounters an error. The caller later calls
destroy_hist_field() to conduct error handling, which frees the fields
and the variable itself. This results in double free of the fields which
are already freed in the previous function.

Fix this by storing NULL to the corresponding fields when they are freed
in init_var_ref().

Solution

no-fix-redhat-rpm-package

References

NVD-CVE-2022-49410

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report