CVE-2022-49465

Summary

CVE-2022-49465: In the Linux kernel, a use-after-free vulnerability was identified in the blk-throttle subsystem. The issue occurs when a bio (Buffer I/O control structure) is throttled and subsequently completed before the BIO_THROTTLED flag is set. As a result, the memory allocated for the bio could be freed prematurely, leading to a use-after-free condition. This could potentially cause issues like crashes or arbitrary code execution. The vulnerability affects various functions including mpage_readahead, read_pages, and generic_file_read_iter. To mitigate this issue, the kernel team suggests moving the setting of the BIO_THROTTLED flag into the queue_lock to ensure proper synchronization.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.