Cyber Resilience

CVE-2022-49384

High

Published: 26 February 2025

Published
26 February 2025
Modified
01 October 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0014 33.6th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-49384 is a high-severity Double Free (CWE-415) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 33.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-49384 is a double-free vulnerability (CWE-415) in the Linux kernel's MD (multiple devices) subsystem, which handles software RAID functionality. The issue stems from the io_acct_set bioset being allocated and freed within the personality module, while erroneous free operations were also present in the md_free and md_stop functions, leading to a double free upon certain teardown sequences.

The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A local attacker with low privileges can exploit it with low complexity and no user interaction. Successful exploitation could grant high impacts on confidentiality, integrity, and availability, potentially enabling memory corruption, arbitrary code execution, or denial of service.

Mitigation is provided through patches in the Linux kernel stable trees, as detailed in the referenced commits (e.g., 36a2fc44c574, 42b805af1024, ea7d7bd90079, f99d5b5dc8a4). These commits remove the duplicate free calls for io_acct_set in md_free and md_stop, ensuring it is solely managed by the personality module. Security practitioners should apply these kernel updates to affected systems.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: md: fix double free of io_acct_set bioset Now io_acct_set is alloc and free in personality. Remove the codes that free io_acct_set in md_free and md_stop.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Double-free in Linux kernel MD subsystem enables local memory corruption and arbitrary code execution for privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23387Same product: Linux Linux Kernel
CVE-2024-57980Same product: Linux Linux Kernel
CVE-2026-31489Same product: Linux Linux Kernel
CVE-2022-49391Same product: Linux Linux Kernel
CVE-2022-49290Same product: Linux Linux Kernel
CVE-2026-23162Same product: Linux Linux Kernel
CVE-2026-23068Same product: Linux Linux Kernel
CVE-2026-31475Same product: Linux Linux Kernel
CVE-2022-49530Same product: Linux Linux Kernel
CVE-2026-31468Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
5.15.17 — 5.15.46 · 5.16.3 — 5.17.14 · 5.18 — 5.18.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely remediation through kernel patches directly eliminates the double-free of io_acct_set bioset in the MD subsystem's md_free and md_stop functions.

detect

Vulnerability scanning detects Linux kernel versions affected by CVE-2022-49384, enabling identification of unpatched systems.

prevent

Memory protection mechanisms mitigate exploitation of the double-free vulnerability by preventing unauthorized code execution from memory corruption.

References