high
7.8
CWE
416
Advisory Published
Updated

CVE-2022-49388: ubi: ubi_create_volume: Fix use-after-free when volume creation failed

First published: Wed Feb 26 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: ubi: ubi_create_volume: Fix use-after-free when volume creation failed There is an use-after-free problem for 'eba_tbl' in ubi_create_volume()'s error handling path: ubi_eba_replace_table(vol, eba_tbl) vol->eba_tbl = tbl out_mapping: ubi_eba_destroy_table(eba_tbl) // Free 'eba_tbl' out_unlock: put_device(&vol->dev) vol_release kfree(tbl->entries) // UAF Fix it by removing redundant 'eba_tbl' releasing. Fetch a reproducer in [Link].

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel
Linux Kernel>=4.12<4.14.283
Linux Kernel>=4.15<4.19.247
Linux Kernel>=4.20<5.4.198
Linux Kernel>=5.5<5.10.122
Linux Kernel>=5.11<5.15.47
Linux Kernel>=5.16<5.17.15
Linux Kernel>=5.18<5.18.4

Remedy

https://git.kernel.org/stable/c/1174ab8ba36a48025b68b5ff1085000b1e510217

Remedy

https://git.kernel.org/stable/c/25ff1e3a1351c0d936dd1ac2f9e58231ea1510c9

Remedy

https://git.kernel.org/stable/c/5ff2514e4fb55dcf3d88294686040ca73ea0c1a2

Remedy

https://git.kernel.org/stable/c/6d8d3f68cbecfd31925796f0fb668eb21ab06734

Remedy

https://git.kernel.org/stable/c/8302620aeb940f386817321d272b12411ae7d39f

Remedy

https://git.kernel.org/stable/c/8c03a1c21d72210f81cb369cc528e3fde4b45411

Remedy

https://git.kernel.org/stable/c/abb67043060f2bf4c03d7c3debb9ae980e2b6db3

Remedy

https://git.kernel.org/stable/c/e27ecf325e51abd06aaefba57a6322a46fa4178b

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2022-49388?

    CVE-2022-49388 has been classified as a high severity vulnerability in the Linux kernel.

  • How do I fix CVE-2022-49388?

    To fix CVE-2022-49388, update your Linux kernel to a version that is not affected by the vulnerability.

  • What versions of the Linux kernel are affected by CVE-2022-49388?

    CVE-2022-49388 affects multiple versions of the Linux kernel prior to 4.14.283, 4.19.247, 5.4.198, 5.10.122, 5.15.47, 5.17.15, and 5.18.4.

  • What types of systems are impacted by CVE-2022-49388?

    CVE-2022-49388 impacts systems running affected versions of the Linux kernel, commonly found in various distributions.

  • What is the nature of the vulnerability in CVE-2022-49388?

    CVE-2022-49388 is a use-after-free vulnerability occurring during error handling in the ubi_create_volume function.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203