Cyber Resilience

CVE-2022-49275

High

Published: 26 February 2025

Published
26 February 2025
Modified
25 March 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 5.3th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-49275 is a high-severity Use After Free (CWE-416) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 5.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2022-49275 is a use-after-free vulnerability in the Linux kernel's CAN subsystem, specifically within the m_can driver's m_can_tx_handler() function for m_can version 3.0.x. The issue arises because can_put_echo_skb() clones the socket buffer (skb) and then frees it, leading to a use-after-free condition if not handled properly before hardware transmission. This flaw is classified under CWE-416 and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of required user interaction. Successful exploitation could result in high-impact confidentiality, integrity, and availability violations, potentially allowing arbitrary code execution, data corruption, or system crashes through manipulation of the freed skb during transmission handling.

Mitigation involves applying the upstream kernel patches from the provided stable commit references, which resolve the issue by relocating the can_put_echo_skb() call directly before hardware transmission initiation in m_can 3.0.x, mirroring the approach already used in the 3.1.x branch. These patches are available at git.kernel.org/stable for integration into affected Linux kernel versions.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_tx_handler(): fix use after free of skb can_put_echo_skb() will clone skb then free the skb. Move the can_put_echo_skb() for the m_can version 3.0.x directly before the start of…

more

the xmit in hardware, similar to the 3.1.x branch.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel UAF in CAN driver directly enables privilege escalation via arbitrary code execution from low-privileged context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23111Same product: Linux Linux Kernel
CVE-2026-31530Same product: Linux Linux Kernel
CVE-2023-52974Same product: Linux Linux Kernel
CVE-2026-43019Same product: Linux Linux Kernel
CVE-2026-23158Same product: Linux Linux Kernel
CVE-2025-21893Same product: Linux Linux Kernel
CVE-2026-31446Same product: Linux Linux Kernel
CVE-2022-49176Same product: Linux Linux Kernel
CVE-2022-49291Same product: Linux Linux Kernel
CVE-2026-31650Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
3.18 — 4.9.324 · 4.10 — 4.14.289 · 4.15 — 4.19.253

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and patching of the use-after-free flaw in the m_can driver's tx_handler function.

prevent

Implements memory safeguards such as KASLR and hardened usercopy to mitigate exploitation of the skb use-after-free condition.

detect

Vulnerability scanning detects the presence of CVE-2022-49275 in affected Linux kernel versions for subsequent remediation.

References