Cyber Resilience

CVE-2022-49426

High

Published: 26 February 2025

Published
26 February 2025
Modified
24 March 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0014 33.6th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-49426 is a high-severity Use After Free (CWE-416) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 33.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2022-49426 is a use-after-free vulnerability in the Linux kernel's IOMMU implementation for ARM SMMUv3 with Shared Virtual Addressing (SVA) support. The issue arises when arm64_mm_context_put() is called without holding a reference to the mm_struct, potentially leading to a use-after-free condition before the ASID is unpinned. This flaw, classified under CWE-416, affects Linux kernel versions prior to the application of the relevant stable patches and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of user interaction requirements. Successful exploitation could result in high-impact confidentiality, integrity, and availability violations, potentially allowing the attacker to escalate privileges or cause denial of service within the affected kernel context.

Mitigation involves applying the upstream patches from the provided stable kernel commit references, including 9aa215450888cf29af0c479e14a712dc6b0c506c, cbd23144f7662b00bcde32a938c4a4057e476d68, e3cbbdbff8a4db5d053c53fd71be62ccccdb52b0, and fc90f13ea0dcd960e5002d204fa55cec4e0db2fa. These commits introduce mmgrab() and mmdrop() calls to properly manage the mm_struct reference, ensuring it is not freed prematurely. Security practitioners should update affected Linux kernels to versions incorporating these fixes.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3-sva: Fix mm use-after-free We currently call arm64_mm_context_put() without holding a reference to the mm, which can result in use-after-free. Call mmgrab()/mmdrop() to ensure the mm only gets freed after…

more

we unpinned the ASID.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel UAF directly enables privilege escalation via exploitation of the IOMMU/SMMU flaw.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23111Same product: Linux Linux Kernel
CVE-2026-31530Same product: Linux Linux Kernel
CVE-2023-52974Same product: Linux Linux Kernel
CVE-2026-43019Same product: Linux Linux Kernel
CVE-2026-23158Same product: Linux Linux Kernel
CVE-2025-21893Same product: Linux Linux Kernel
CVE-2026-31446Same product: Linux Linux Kernel
CVE-2022-49176Same product: Linux Linux Kernel
CVE-2022-49291Same product: Linux Linux Kernel
CVE-2026-31650Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
5.11 — 5.15.46 · 5.16 — 5.17.14 · 5.18 — 5.18.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the use-after-free vulnerability by identifying, reporting, and applying Linux kernel patches that properly manage mm_struct references with mmgrab() and mmdrop().

detect

Vulnerability scanning identifies the presence of CVE-2022-49426 in affected Linux kernel versions, enabling timely patching.

prevent

Implements memory safeguards such as address space layout randomization and page protections that mitigate exploitation of the kernel IOMMU use-after-free vulnerability.

References