CVE-2022-49770

Published May 1, 2025

Last updated 6 months ago

CVSS high 7.8

Overview

Description: In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it maybe leaving the 'first_realm' and 'realm' pointing to the same snaprealm memory. And then it'll put it twice and could cause random use-after-free, BUG_ON, etc issues.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Analyzed
Products: linux_kernel

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-416

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "0EDF5BF7-F16B-4246-879A-2952C0D0140F",
            "versionEndExcluding": "4.19.268",
            "versionStartIncluding": "2.6.35",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "274F5087-5805-4D03-8C74-8517300658F1",
            "versionEndExcluding": "5.4.226",
            "versionStartIncluding": "4.20",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "5EAF291E-0C2B-409D-9D82-59F0C0B67CAB",
            "versionEndExcluding": "5.10.157",
            "versionStartIncluding": "5.5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "899FBA32-27B2-4660-BC94-C43ED4349EB5",
            "versionEndExcluding": "5.15.81",
            "versionStartIncluding": "5.11",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "64F9ADD1-3ADB-4D66-A00F-4A83010B05F0",
            "versionEndExcluding": "6.0.10",
            "versionStartIncluding": "5.16",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.34:-:*:*:*:*:*:*",
            "matchCriteriaId": "A3B1BC1D-ED46-4364-A1D9-1FA74182B03A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.34:rc2:*:*:*:*:*:*",
            "matchCriteriaId": "86D3F64C-3F27-43E0-B0D4-62CE1E1F4EFB",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.34:rc3:*:*:*:*:*:*",
            "matchCriteriaId": "7927713B-5EB0-41EB-86A9-9935775162E0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.34:rc4:*:*:*:*:*:*",
            "matchCriteriaId": "59037296-3143-4FBB-AFF7-D4FE2C85502F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.34:rc5:*:*:*:*:*:*",
            "matchCriteriaId": "9CA27FD5-7DBF-4C85-80A9-D523B2E4B033",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.34:rc6:*:*:*:*:*:*",
            "matchCriteriaId": "9711E333-A8E7-4F4B-BCFD-2023E889651A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.34:rc7:*:*:*:*:*:*",
            "matchCriteriaId": "E04D3358-973B-42A1-8E08-2E3AE947193C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*",
            "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*",
            "matchCriteriaId": "17F0B248-42CF-4AE6-A469-BB1BAE7F4705",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*",
            "matchCriteriaId": "E2422816-0C14-4B5E-A1E6-A9D776E5C49B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*",
            "matchCriteriaId": "1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*",
            "matchCriteriaId": "35B26BE4-43A6-4A36-A7F6-5B3F572D9186",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References