What is the severity of CVE-2022-49258?

CVE-2022-49258 is considered a high severity vulnerability due to its potential for a use-after-free condition in the Linux kernel.

How do I fix CVE-2022-49258?

To fix CVE-2022-49258, users should update to the latest patched version of the Linux kernel that addresses this vulnerability.

What versions of the Linux kernel are affected by CVE-2022-49258?

CVE-2022-49258 affects Linux kernel versions between 4.17 and 5.17.2, excluding certain patched releases.

What type of vulnerability is CVE-2022-49258?

CVE-2022-49258 is a use-after-free vulnerability that can lead to memory corruption in the Linux kernel.

What impact does CVE-2022-49258 have on system security?

CVE-2022-49258 can allow attackers to exploit memory corruption, potentially leading to arbitrary code execution or system instability.

Vulnerability/
CVE-2022-49258

high

7.8

CWE

416

26/2/2025

25/3/2025

CVE-2022-49258: crypto: ccree - Fix use after free in cc_cipher_exit()

First published: Wed Feb 26 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - Fix use after free in cc_cipher_exit() kfree_sensitive(ctx_p->user.key) will free the ctx_p->user.key. But ctx_p->user.key is still used in the next line, which will lead to a use after free. We can call kfree_sensitive() after dev_dbg() to avoid the uaf.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel
Linux Kernel	>=4.17<5.10.110
Linux Kernel	>=5.11<5.15.33
Linux Kernel	>=5.16<5.16.19
Linux Kernel	>=5.17<5.17.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-49258?
CVE-2022-49258 is considered a high severity vulnerability due to its potential for a use-after-free condition in the Linux kernel.
How do I fix CVE-2022-49258?
To fix CVE-2022-49258, users should update to the latest patched version of the Linux kernel that addresses this vulnerability.
What versions of the Linux kernel are affected by CVE-2022-49258?
CVE-2022-49258 affects Linux kernel versions between 4.17 and 5.17.2, excluding certain patched releases.
What type of vulnerability is CVE-2022-49258?
CVE-2022-49258 is a use-after-free vulnerability that can lead to memory corruption in the Linux kernel.
What impact does CVE-2022-49258 have on system security?
CVE-2022-49258 can allow attackers to exploit memory corruption, potentially leading to arbitrary code execution or system instability.

agent/first-publish-date
agent/type
agent/title
agent/author
agent/references
agent/source
agent/description
agent/severity
agent/guess-ai
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/weakness
agent/softwarecombine
agent/last-modified-date
agent/remedy
agent/event
agent/tags
collector/nvd-api
source/NVD
vendor/linux
canonical/linux kernel
version/linux kernel/4.17
version/linux kernel/5.11
version/linux kernel/5.16
version/linux kernel/5.17

CVE-2022-49258: crypto: ccree - Fix use after free in cc_cipher_exit()

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-49258?

How do I fix CVE-2022-49258?

What versions of the Linux kernel are affected by CVE-2022-49258?

What type of vulnerability is CVE-2022-49258?

What impact does CVE-2022-49258 have on system security?

Company

Resources

Contact