CVE-2022-49179
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2022-49179 is a use-after-free (UAF) vulnerability in the Linux kernel's BFQ block I/O scheduler. The issue was identified during testing, where it resulted in a kernel panic. The bug occurs in the __bfq_put_async_bfqq function and allows a task to write to a freed memory location, potentially leading to arbitrary code execution. The affected memory is located in the kmalloc-1024 cache of size 1024, and the buggy address is inside a 552-byte region of this cache. The vulnerability can be exploited when a module is deleted and the corresponding memory is not properly freed.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX