CVE-2022-49176

Summary

CVE-2022-49176 is a use-after-free vulnerability identified in the Linux kernel's bfq (Budget Fair Queuing) scheduler. The issue was discovered during scsi-mq testing, where KASAN reported a use-after-free error in the function bfq_dispatch_request. This error occurred when the memory was freed, but the task still attempted to read from it. The affected kernel version is 5.10.0-10295-g576c6382529e, and the vulnerability can lead to a read of uninitialized memory and potential system instability. The issue was resolved through memory management updates in the kernel.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.