CVE-2022-49426
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Feb 26, 2025
Updated: Feb 27, 2025
CWE ID 416
Summary
CVE-2022-49426 is a vulnerability in the arm-smmu-v3-sva driver of the Linux kernel's IOMMU subsystem. It is a use-after-free condition: the function arm64_mm_context_put() is called without holding a reference to the mm (the process's memory descriptor). As a result, the mm may be freed prematurely, leading to potential memory corruption. To mitigate this risk, mmgrab()/mmdrop() should be used so that the mm is freed only after the ASID is unpinned.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX