CVE-2022-49270

Summary

CVE-2022-49270 is a use-after-free vulnerability affecting the Linux kernel's dm (Logical Volume Manager) module. In the function dm_cleanup_zoned_dev(), memory is freed but may still be accessed due to improper ordering of functions. The vulnerability occurs because blk_cleanup_queue() is executed before dm_cleanup_zoned_dev(), resulting in the RCU callback being executed first and causing the dm_cleanup_zoned_dev() function to touch already-freed memory. This issue can lead to kernel crashes and potential exploitation. The vulnerability was identified using the KASAN memory error detector.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.