#VU104488 Use-after-free in Linux kernel - CVE-2022-49194

Cybersecurity Help s.r.o.

Published: 2025-02-26 | Updated: 2025-05-11

Vulnerability identifier: #VU104488

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49194

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bcmgenet_writel() and bcmgenet_readl() functions in drivers/net/ethernet/broadcom/genet/bcmgenet.c. A local user can escalate privileges on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.17, 5.17 rc1, 5.17 rc2, 5.17 rc3, 5.17 rc4, 5.17 rc5, 5.17 rc6, 5.17 rc7, 5.17 rc8, 5.17 rc9, 5.17 rc12, 5.17.1

External links
https://git.kernel.org/stable/c/06d836801cd82ded282aaf9e888ff9e7e4a88b91
https://git.kernel.org/stable/c/1d717816189fd68f9e089cf89ed1f7327d2c2e71
https://git.kernel.org/stable/c/8d3ea3d402db94b61075617e71b67459a714a502
https://git.kernel.org/stable/c/b26091a02093104259ca64aeca73601e56160d62
https://git.kernel.org/stable/c/f49769b462f282477ca801cf648f875b1c5b59db
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Use-after-free in Linux kernel broadcom genet driver