high
7.8
CWE
415
Advisory Published
Updated

CVE-2022-49410: tracing: Fix potential double free in create_var_ref()

First published: Wed Feb 26 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential double free in create_var_ref() In create_var_ref(), init_var_ref() is called to initialize the fields of variable ref_field, which is allocated in the previous function call to create_hist_field(). Function init_var_ref() allocates the corresponding fields such as ref_field->system, but frees these fields when the function encounters an error. The caller later calls destroy_hist_field() to conduct error handling, which frees the fields and the variable itself. This results in double free of the fields which are already freed in the previous function. Fix this by storing NULL to the corresponding fields when they are freed in init_var_ref().

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel
Linux Kernel>=4.17<4.19.247
Linux Kernel>=4.20<5.4.198
Linux Kernel>=5.5<5.10.121
Linux Kernel>=5.11<5.15.46
Linux Kernel>=5.16<5.17.14
Linux Kernel>=5.18<5.18.3

Remedy

https://git.kernel.org/stable/c/058cb6d86b9789377216c936506b346aaa1eb581

Remedy

https://git.kernel.org/stable/c/37443b3508b8cce6832f8d25cb4550b2f7801f50

Remedy

https://git.kernel.org/stable/c/4fdfb15e08598711dbf50daf56a33965232daf0e

Remedy

https://git.kernel.org/stable/c/99696a2592bca641eb88cc9a80c90e591afebd0f

Remedy

https://git.kernel.org/stable/c/bd83ff3bbfb003832481c9bff999d12385f396ae

Remedy

https://git.kernel.org/stable/c/c27f744ceefadc7bbeb14233b6abc150ced617d2

Remedy

https://git.kernel.org/stable/c/f8b383f83cb573152c577eca1ef101e89995b72a

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2022-49410?

    CVE-2022-49410 has a severity rating that may lead to potential code execution risks due to a double free vulnerability in the Linux kernel.

  • How do I fix CVE-2022-49410?

    To fix CVE-2022-49410, you should update your Linux kernel to the latest patched version provided by your distribution.

  • What versions of the Linux kernel are affected by CVE-2022-49410?

    CVE-2022-49410 affects multiple versions of the Linux kernel, specifically those from 4.17 up to certain ranges of 5.18.

  • What specific component is exploited in CVE-2022-49410?

    CVE-2022-49410 exploits the create_var_ref() function in the tracing subsystem of the Linux kernel.

  • Is CVE-2022-49410 being actively exploited in the wild?

    There is currently no public information indicating that CVE-2022-49410 is actively being exploited in the wild.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203