SB20250226267 - Use-after-free in Linux kernel
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250226267
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2022-49647)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the LIST_HEAD_INIT(), find_css_set(), cgroup_migrate_vet_dst(), cgroup_migrate_add_src(), cgroup_migrate_prepare_dst() and cgroup_update_dfl_csses() functions in kernel/cgroup/cgroup.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/05f7658210d1d331e8dd4cb6e7bbbe3df5f5ac27
- https://git.kernel.org/stable/c/07fd5b6cdf3cc30bfde8fe0f644771688be04447
- https://git.kernel.org/stable/c/0e41774b564befa6d271e8d5086bf870d617a4e6
- https://git.kernel.org/stable/c/54aee4e5ce8c21555286a6333e46c1713880cf93
- https://git.kernel.org/stable/c/7657e3958535d101a24ab4400f9b8062b9107cc4
- https://git.kernel.org/stable/c/ad44e05f3e016bdcb1ad25af35ade5b5f41ccd68
- https://git.kernel.org/stable/c/cec2bbdcc14fbaa6b95ee15a7c423b05d97038be
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.253