Cyber Resilience

CVE-2022-49385

High

Published: 26 February 2025

Modified: 25 March 2025
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0008 (24.1th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-49385 is a high-severity Use After Free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 24.1th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-49385 is a Use After Free (UAF) vulnerability in the Linux kernel's driver base subsystem, stemming from improper handling during driver attachment. Specifically, when the driver_attach function fails, the driver_private structure is freed even though it has already been added to the bus, leading to a UAF condition. This issue is tracked under CWE-416 and affects Linux kernel versions prior to the application of the relevant stable patches.

A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of user interaction requirements, as indicated by the CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Successful exploitation could result in high impacts to confidentiality, integrity, and availability, potentially allowing the attacker to execute arbitrary code or cause denial of service within the kernel context.

Mitigation involves applying the upstream patches from the provided kernel stable commit references, such as https://git.kernel.org/stable/c/310862e574001a97ad02272bac0fd13f75f42a27 and others, which fix the issue by removing the driver_private from the bus before freeing it upon driver_attach failure. Security practitioners should ensure systems are updated to kernels incorporating these commits.
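The failure path described above, as a userspace C model added here for illustration (it is not kernel code and not taken from the referenced commits). `model_register_driver`, `bus_dangling_entries`, the `patched` flag and the fixed-size pool are hypothetical; the pool stands in for the allocator so that a bus list entry pointing at freed storage can be counted without touching freed memory.

```c
/* Userspace model of the failure path; added example, not kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct driver_private {              /* stand-in for the kernel structure */
    bool allocated;                  /* false once "freed" */
    struct driver_private *next;     /* link on the bus's driver list */
};
struct bus { struct driver_private *drivers; };
static struct driver_private pool[4]; /* toy allocator: freed slots stay inspectable */

static struct driver_private *priv_alloc(void) {
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++)
        if (!pool[i].allocated) { pool[i].allocated = true; return &pool[i]; }
    return NULL;
}

static void bus_list_del(struct bus *b, struct driver_private *p) {
    for (struct driver_private **pp = &b->drivers; *pp; pp = &(*pp)->next)
        if (*pp == p) { *pp = p->next; return; }
}

/* Hypothetical model of registration: 0 on success, -1 if attach fails. */
static int model_register_driver(struct bus *b, bool attach_fails, bool patched) {
    struct driver_private *p = priv_alloc();
    if (!p) return -1;
    p->next = b->drivers;            /* added to the bus before attach runs */
    b->drivers = p;
    if (!attach_fails) return 0;
    if (patched)
        bus_list_del(b, p);          /* the fix: delete it from the bus first */
    p->allocated = false;            /* "free"; unpatched, the list still points here */
    return -1;
}

/* Number of bus list entries that reference freed storage. */
static int bus_dangling_entries(const struct bus *b) {
    int n = 0;
    for (const struct driver_private *p = b->drivers; p; p = p->next)
        n += !p->allocated;
    return n;
}

int main(void) {
    struct bus fixed = {0}, vuln = {0};
    model_register_driver(&fixed, true, true);
    model_register_driver(&vuln, true, false);
    printf("patched: %d dangling, unpatched: %d dangling\n", bus_dangling_entries(&fixed), bus_dangling_entries(&vuln));
    return 0;
}
```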

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

driver: base: fix UAF when driver_attach failed

When driver_attach(drv); failed, the driver_private will be freed. But it has been added to the bus, which caused a UAF.

To fix it, we need to delete it from the bus when failed.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel UAF in driver_attach directly enables arbitrary code execution for privilege escalation from low-privileged user context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23111 (same product: Linux Linux Kernel)
CVE-2026-31530 (same product: Linux Linux Kernel)
CVE-2023-52974 (same product: Linux Linux Kernel)
CVE-2026-43019 (same product: Linux Linux Kernel)
CVE-2026-23158 (same product: Linux Linux Kernel)
CVE-2025-21893 (same product: Linux Linux Kernel)
CVE-2026-31446 (same product: Linux Linux Kernel)
CVE-2022-49176 (same product: Linux Linux Kernel)
CVE-2022-49291 (same product: Linux Linux Kernel)
CVE-2026-31650 (same product: Linux Linux Kernel)

Affected Assets

linux
linux kernel
3.9 — 5.4.198 · 5.5 — 5.10.122 · 5.11 — 5.15.47

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent

Directly remediates the UAF vulnerability by requiring timely installation of kernel patches that properly remove driver_private from the bus before freeing upon driver_attach failure.

prevent

Implements memory protection mechanisms like KASLR and supervisor-mode execution prevention that comprehensively mitigate exploitation of use-after-free errors in kernel driver subsystems.

prevent

Enforces secure kernel configuration settings, including exploit mitigations and restrictions on driver loading, to reduce the impact of UAF conditions in the driver base.
