CVE-2022-49651

Summary

In the Linux kernel, the following vulnerability has been resolved:

srcu: Tighten cleanup_srcu_struct() GP checks

Currently, cleanup_srcu_struct() checks for a grace period in progress, but it does not check for a grace period that has not yet started but which might start at any time. Such a situation could result in a use-after-free bug, so this commit adds a check for a grace period that is needed but not yet started to cleanup_srcu_struct().

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxda915ad5cf25b5f5d358dd3670c3378d8ae8c03e < e997dda6502eefbc1032d6b0da7b353c53344b07affected
LinuxLinuxda915ad5cf25b5f5d358dd3670c3378d8ae8c03e < 8ed00760203d8018bee042fbfe8e076579be2c2baffected
LinuxLinux4.12affected
LinuxLinux0 < 4.12unaffected
LinuxLinux5.18.11 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References