CVE-2022-49114
Published: 26 February 2025
Summary
CVE-2022-49114 is a high-severity Use After Free (CWE-416) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 2.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2022-49114 is a use-after-free vulnerability in the Linux kernel's libfc (SCSI Fibre Channel library) component, specifically within the fc_exch_abts_resp() function. The issue arises because fc_exch_release(ep) decrements the reference count of the exchange pointer (ep), freeing it when the count reaches zero, but subsequent code continues to use ep, leading to a use-after-free condition. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-416.
A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of user interaction requirements. Successful exploitation could result in high-impact confidentiality, integrity, and availability violations, potentially allowing arbitrary code execution, data corruption, or system crashes on affected systems.
Mitigation involves applying the relevant stable kernel patches, as detailed in the upstream commit references. These patches fix the issue by adding a return statement immediately after fc_exch_release() to prevent further use of the potentially freed ep. The provided references link to specific kernel stable commits implementing this fix across various branches.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-55099
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix use after free in fc_exch_abts_resp() fc_exch_release(ep) will decrease the ep's reference count. When the reference count reaches zero, it is freed. But ep is still used in…
more
the following code, which will lead to a use after free. Return after the fc_exch_release() call to avoid use after free.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel use-after-free with low-priv attacker and arbitrary code execution impact directly maps to exploitation for privilege escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely identification, reporting, and correction of kernel flaws like this use-after-free vulnerability directly prevents exploitation by applying the specific stable kernel patches.
Memory protection mechanisms such as kernel address space layout randomization (KASLR) and supervisor mode execution protection (SMEP) mitigate exploitation of use-after-free vulnerabilities in the kernel.
Vulnerability scanning and monitoring identify the presence of CVE-2022-49114 in deployed kernel versions, enabling prompt remediation.