CVE-2022-49385
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Feb 26, 2025
Updated: Feb 27, 2025
CWE ID 416
Summary
CVE-2022-49385 is a use-after-free (UAF) vulnerability in the Linux kernel. In certain scenarios, when the driver_attach function fails, the associated driver_private is freed even though the driver has already been added to the bus, so the bus still refers to memory that has been freed. This can lead to unintended behavior or system crashes. The fix is to remove the affected driver from the bus when the driver_attach operation fails.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX