CVE-2022-49223 — Vulnetix

CVE-2022-49223 PUBLISHED CVSS 7.8 HIGH

Reported by Linux · Published February 26, 2025

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Hold port reference until decoder release KASAN + DEBUG_KOBJECT_RELEASE reports a potential use-after-free in cxl_decoder_release() where it goes to reference its parent, a cxl_port, to free its id back to port->decoder_ida. BUG: KASAN: use-after-free in to_cxl_port+0x18/0x90 [cxl_core] Read of size 8 at addr ffff888119270908 by task kworker/35:2/379 CPU: 35 PID: 379 Comm: kworker/35:2 Tainted: G OE 5.17.0-rc2+ #198 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Workqueue: events kobject_delayed_cleanup Call Trace: <TASK> dump_stack_lvl+0x59/0x73 print_address_description.constprop.0+0x1f/0x150 ? to_cxl_port+0x18/0x90 [cxl_core] kasan_report.cold+0x83/0xdf ? to_cxl_port+0x18/0x90 [cxl_core] to_cxl_port+0x18/0x90 [cxl_core] cxl_decoder_release+0x2a/0x60 [cxl_core] device_release+0x5f/0x100 kobject_cleanup+0x80/0x1c0 The device core only guarantees parent lifetime until all children are unregistered. If a child needs a parent to complete its ->release() callback that child needs to hold a reference to extend the lifetime of the parent.

Risk Scores

CVSS v3.1

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Linux	Linux	40ba17afdfabb01688c61565dbe02a916241bc05, 40ba17afdfabb01688c61565dbe02a916241bc05, 40ba17afdfabb01688c61565dbe02a916241bc05
Linux	Linux	5.14, 0, 5.15.54
linux	linux_kernel	5.14, 5.14, 5.14
Linux	Linux	5.14, 0, 5.15.54

Timeline

Feb 26, 2025 CVE Published
Feb 27, 2025 EPSS Score
Mar 12, 2025 EPSS Score
Mar 26, 2025 EPSS Score
Apr 8, 2025 EPSS Score
Apr 22, 2025 EPSS Score
May 4, 2025 CVE Updated
May 5, 2025 EPSS Score
May 19, 2025 EPSS Score
Jun 1, 2025 EPSS Score
Jun 15, 2025 EPSS Score
Jun 28, 2025 EPSS Score

References

Open in Interactive Console →