CVE-2022-49053

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Feb 26, 2025

Updated: Feb 27, 2025

CWE ID 416

Summary

CVE-2022-49053 is a vulnerability affecting the Linux kernel's SCSI subsystem, specifically the tcmu driver. This issue arises due to a lack of proper refcounting when tcmu_try_get_data_page() function retrieves pages. As a result, a Use-After-Free (UAF) condition may occur, allowing attackers to potentially execute arbitrary code or cause system instability. To mitigate this risk, it is essential to obtain pages under cmdr_lock to prevent concurrent tcmu_blocks_release() calls.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Linux Kernel

Affected Vendors

LINUX

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3uq_M2
https://www.cve.org/CVERecord?id=CVE-2022-49053
https://nvd.nist.gov/vuln/detail/CVE-2022-49053

Back to Vulnerability Database