SB20250226572 - Double free in Linux kernel time
Published: February 26, 2025
Updated: May 11, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Double free (CVE-ID: CVE-2022-49675)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the tick_nohz_full_setup() function in kernel/time/tick-sched.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/2390095113e98fc52fffe35c5206d30d9efe3f78
- https://git.kernel.org/stable/c/c4ff3ffe0138234774602152fe67e3a898c615c6
- https://git.kernel.org/stable/c/ea32b27e2f8c58c92bff5ecba7fcf64b97707089
- https://git.kernel.org/stable/c/f4a80ec8c51d68be4b7a7830c510f75080c5e417
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.52