ByteOS Network

NVD Vulnerability Details :

CVE-2022-49651

Analyzed

Source-416baaa9-dc9f-4396-8d5f-8c081fb06d67

Published At-26 Feb, 2025 | 07:01

Updated At-24 Mar, 2025 | 19:03

In the Linux kernel, the following vulnerability has been resolved: srcu: Tighten cleanup_srcu_struct() GP checks Currently, cleanup_srcu_struct() checks for a grace period in progress, but it does not check for a grace period that has not yet started but which might start at any time. Such a situation could result in a use-after-free bug, so this commit adds a check for a grace period that is needed but not yet started to cleanup_srcu_struct().

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Linux Kernel Organization, Inc

>>linux_kernel>>Versions before 5.18.11(exclusive)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-416	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-416

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://git.kernel.org/stable/c/8ed00760203d8018bee042fbfe8e076579be2c2b	416baaa9-dc9f-4396-8d5f-8c081fb06d67	Patch
https://git.kernel.org/stable/c/e997dda6502eefbc1032d6b0da7b353c53344b07	416baaa9-dc9f-4396-8d5f-8c081fb06d67	Patch

Hyperlink: https://git.kernel.org/stable/c/8ed00760203d8018bee042fbfe8e076579be2c2b

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Resource:

Patch

Hyperlink: https://git.kernel.org/stable/c/e997dda6502eefbc1032d6b0da7b353c53344b07

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Resource:

Patch

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History