CVE-2022-49385

Severity: High · CVSS 3.1: 7.8 · EPSS: 19.9%
Published: Feb 26, 2025
Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

driver: base: fix UAF when driver_attach failed

When driver_attach(drv); failed, the driver_private will be freed. But it has been added to the bus, which caused a UAF.

To fix it, we need to delete it from the bus when failed.

CVSS Details

Base Score: 7.8
Exploitability: 1.8
Impact: 5.9
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 19.9% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-416: Use After Free (Memory Safety)

Affected Products 5

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥3.9 – <5.4.198
linux    linux_kernel   *         ≥5.5 – <5.10.122
linux    linux_kernel   *         ≥5.11 – <5.15.47
linux    linux_kernel   *         ≥5.16 – <5.17.15
linux    linux_kernel   *         ≥5.18 – <5.18.4

References 6

  • git.kernel.org https://git.kernel.org/stable/c/310862e574001a97ad02272bac0fd13f75f42a27
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5389101257828d1913d713d9a40acbe14f5961df
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5d709f58c743166fe1c6914b9de0ae8868600d9b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/823f24f2e329babd0330200d0b74882516fe57f4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c059665c84feab46b7173d3a1bf36c2fb7f9df86
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cdf1a683a01583bca4b618dd16223cbd6e462e21
    Patch
