CVE-2022-49047
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Feb 26, 2025
Updated: Feb 27, 2025
CWE ID 416
Summary
CVE-2022-49047 is a use-after-free (UAF) vulnerability in the Linux kernel's ep93xx driver, in the ep93xx_clk_register_gate() function. An error branch in the function releases memory but then returns a pointer to that freed memory, so any subsequent use of the returned pointer results in undefined behavior, potentially leading to serious consequences if exploited. The issue was identified during an analysis of the clock.c file in the ep93xx subsystem.
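The free-then-return shape described in the summary, shown beside a hardened form, as an added userspace illustration that is not the kernel's clock.c. All names here are hypothetical, the one-slot allocator is a constructed stand-in so the freed state can be inspected without undefined behavior, and the hardened variant assumes callers check for an error pointer.

```c
/* Added illustration: userspace model with hypothetical names, not clock.c. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>

/* Stand-ins for the kernel's ERR_PTR()/IS_ERR()/PTR_ERR() helpers. */
#define MAX_ERRNO 4095
static void *err_ptr(long e) { return (void *)(intptr_t)e; }
static bool is_err(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }
static long ptr_err(const void *p) { return (long)(intptr_t)p; }

struct hw { const char *name; };
struct gate { struct hw hw; bool live; }; /* 'live' models allocated vs. freed */

/* One-slot allocator: "free" only clears 'live', so state can be inspected safely. */
static struct gate slot;
static struct gate *gate_alloc(void) { slot.live = true; return &slot; }
static void gate_free(struct gate *g) { g->live = false; }
static bool hw_is_live(const struct hw *hw) { return hw == &slot.hw && slot.live; }

/* Constructed registration step: fails with -EINVAL when name is NULL. */
static int hw_register(struct hw *hw, const char *name)
{
    if (!name)
        return -EINVAL;
    hw->name = name;
    return 0;
}

/* Flawed shape: the error branch frees, then falls through to the common return. */
static struct hw *register_gate_flawed(const char *name)
{
    struct gate *g = gate_alloc();
    if (hw_register(&g->hw, name) < 0)
        gate_free(g);
    return &g->hw; /* on the error path this points into freed storage */
}

/* Hardened shape: the error branch frees and reports the failure instead. */
static struct hw *register_gate_fixed(const char *name)
{
    struct gate *g = gate_alloc();
    int ret = hw_register(&g->hw, name);
    if (ret < 0) {
        gate_free(g);
        return err_ptr(ret);
    }
    return &g->hw;
}
```

In the flawed variant the caller receives a pointer that passes an error-pointer check, which is why the failure goes unnoticed until the freed object is touched.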
Affected Products
- Linux Kernel
Affected Vendors
- LINUX