CVE-2022-49384
Published: 26 February 2025
Summary
CVE-2022-49384 is a high-severity Double Free (CWE-415) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 33.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2022-49384 is a double-free vulnerability (CWE-415) in the Linux kernel's MD (multiple devices) subsystem, which handles software RAID functionality. The issue stems from the io_acct_set bioset being allocated and freed within the personality module, while erroneous free operations were also present in the md_free and md_stop functions, leading to a double free upon certain teardown sequences.
The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A local attacker with low privileges can exploit it with low complexity and no user interaction. Successful exploitation could have a high impact on confidentiality, integrity, and availability, potentially enabling memory corruption, arbitrary code execution, or denial of service.
Mitigation is provided through patches in the Linux kernel stable trees, as detailed in the referenced commits (e.g., 36a2fc44c574, 42b805af1024, ea7d7bd90079, f99d5b5dc8a4). These commits remove the duplicate free calls for io_acct_set in md_free and md_stop, ensuring it is solely managed by the personality module. Security practitioners should apply these kernel updates to affected systems.
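The ownership problem described above, as an added userspace model in C (not kernel code and not taken from the referenced commits). The `bioset_model` type, the function names, and the teardown call order are assumptions made for illustration; the release routine is instrumented to count a repeated free instead of performing one.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for a bioset: backing memory plus bookkeeping. */
struct bioset_model {
    void *pool;        /* stands in for the bioset's memory */
    int live;          /* 1 while the pool is allocated */
    int double_frees;  /* releases attempted after the pool was gone */
};

static void model_bioset_init(struct bioset_model *bs) {
    bs->pool = malloc(64);
    bs->live = 1;
    bs->double_frees = 0;
}

/* Instrumented release: records a second release rather than freeing twice. */
static void model_bioset_exit(struct bioset_model *bs) {
    if (!bs->live) { bs->double_frees++; return; }
    free(bs->pool);
    bs->live = 0;
}

/* Owner: the personality allocates and releases io_acct_set. */
static void personality_free(struct bioset_model *io_acct_set) {
    model_bioset_exit(io_acct_set);
}

/* Core teardown (assumed order). extra_free=1 models the pre-patch
 * md_stop/md_free path that also released io_acct_set; 0 models the fix. */
static void md_stop_model(struct bioset_model *io_acct_set, int extra_free) {
    personality_free(io_acct_set);
    if (extra_free)
        model_bioset_exit(io_acct_set);
}

/* Runs one teardown and returns how many repeated releases were seen. */
int teardown_double_frees(int extra_free) {
    struct bioset_model io_acct_set;
    model_bioset_init(&io_acct_set);
    md_stop_model(&io_acct_set, extra_free);
    return io_acct_set.double_frees;
}

int main(void) {
    printf("pre-patch model: %d repeated release(s)\n", teardown_double_frees(1));
    printf("patched model:   %d repeated release(s)\n", teardown_double_frees(0));
    return 0;
}
```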
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-54845
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved:
md: fix double free of io_acct_set bioset
Now io_acct_set is alloc and free in personality. Remove the codes that free io_acct_set in md_free and md_stop.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Double-free in Linux kernel MD subsystem enables local memory corruption and arbitrary code execution for privilege escalation (T1068).
Mitigating Controls (NIST 800-53 r5)
Timely remediation through kernel patches directly eliminates the double-free of io_acct_set bioset in the MD subsystem's md_free and md_stop functions.
Vulnerability scanning detects Linux kernel versions affected by CVE-2022-49384, enabling identification of unpatched systems.
Memory protection mechanisms mitigate exploitation of the double-free vulnerability by preventing unauthorized code execution from memory corruption.