CVE-2022-49223
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2022-49223 is a vulnerability affecting the Linux kernel where a use-after-free error occurs in the cxl/port module during the release of a cxl_decoder. The issue arises when cxl_decoder_release() attempts to reference its parent, a cxl_port, to free its id back to port->decoder_ida. This results in a potential use-after-free scenario, which can be detected by KASAN and lead to a read of an invalid memory address. The vulnerability can cause instability in the system, and the affected device core guarantees parent lifetime only until all children are unregistered, requiring children that need a parent for their release callback to hold a reference to extend the parent's lifetime.
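The lifetime rule in the summary, shown as a toy C model added here rather than code from the kernel or the page: the port, decoder and id-bitmask names are this example's own stand-ins, and a `freed` flag models the parent being released instead of an actual free.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Toy model: a child (decoder) whose release callback touches its parent
 * (port) must hold a reference on the parent.  Hypothetical names. */
struct port {
    int refcount;
    unsigned ida;   /* bitmask standing in for the parent's decoder id pool */
    bool freed;     /* set when the last reference is dropped (models kfree) */
};

struct decoder {
    struct port *parent;
    int id;
};

static void port_get(struct port *p) { p->refcount++; }

/* Drop a reference; the parent is released when the last one goes away. */
static void port_put(struct port *p) {
    if (--p->refcount == 0)
        p->freed = true;
}

/* Allocate an id from the parent; optionally pin the parent until release. */
static struct decoder *decoder_alloc(struct port *p, bool pin_parent) {
    struct decoder *d = malloc(sizeof *d);
    d->parent = p;
    d->id = __builtin_ctz(~p->ida);   /* first free id */
    p->ida |= 1u << d->id;
    if (pin_parent)
        port_get(p);
    return d;
}

/* Release callback: gives the id back to the parent.  Returns false when
 * the parent is already gone, i.e. the access would be a use-after-free. */
static bool decoder_release(struct decoder *d, bool pinned) {
    struct port *p = d->parent;
    bool parent_alive = !p->freed;
    if (parent_alive)
        p->ida &= ~(1u << d->id);
    if (pinned)
        port_put(p);
    free(d);
    return parent_alive;
}

/* The child's release runs after the parent's own last reference is dropped,
 * which is what the device core permits once children are unregistered. */
bool scenario(bool hold_parent_ref) {
    struct port port = { .refcount = 1, .ida = 0, .freed = false };
    struct decoder *d = decoder_alloc(&port, hold_parent_ref);
    port_put(&port);
    return decoder_release(d, hold_parent_ref);
}
```

`scenario(false)` reproduces the unsafe ordering, `scenario(true)` the fix of taking a parent reference at allocation and dropping it in the release callback.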
Affected Products
- Linux Kernel
Affected Vendors
- LINUX