CVE-2022-49455
Published: 26 February 2025
Summary
CVE-2022-49455 is a high-severity Double Free (CWE-415) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 5.2 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2022-49455 is a double free vulnerability (CWE-415) in the Linux kernel's misc: ocxl component, specifically within the ocxl_file_register_afu function. The issue occurs because info_release() is automatically invoked during device_unregister() when the info->dev reference count reaches zero, rendering subsequent calls to ocxl_afu_put() and kfree() redundant and potentially causing a double free.
The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating it requires local access, low attack complexity, and low privileges with no user interaction. A successful local attacker could leverage the double free to achieve high impacts on confidentiality, integrity, and availability, potentially leading to memory corruption or kernel instability.
Kernel stable patches resolve the issue by adding a free_minor() call and an early return in the err_unregister error path, as detailed in the following commits: https://git.kernel.org/stable/c/252768d32e92c1214aeebb5fec0844ca479bcf5c, https://git.kernel.org/stable/c/8fb674216835e1f0c143762696d645facebb4685, https://git.kernel.org/stable/c/950cf957fe34d40d63dfa3bf3968210430b6491e, https://git.kernel.org/stable/c/9e9087cf34ee69f4e95d146ac29385d6e367a97b, and https://git.kernel.org/stable/c/de65c32ace9aa70d51facc61ba986607075e3a25. Security practitioners should ensure affected Linux kernel versions are updated with these fixes.
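The error-path flow described above, as an added example that is not kernel source or code from this page: a userspace C model in which frees are counted rather than performed. The function names mirror those in the advisory; their bodies, the reference counts, and the order of calls in the pre-fix path are assumptions.

```c
#include <stdio.h>

/* Userspace model: names mirror the advisory, bodies are assumptions. */
struct afu  { int refs; };
struct info { int dev_refs; int minor_held; int frees; struct afu *afu; };

static void afu_put(struct afu *a) { a->refs--; }
static void free_minor(struct info *i) { i->minor_held = 0; }

/* Stand-in for info_release(): drops the AFU reference and frees info.
 * The free is counted, not performed, so the pre-fix path stays observable. */
static void info_release(struct info *i) { afu_put(i->afu); i->frees++; }

/* Stand-in for device_unregister(): the last put runs the release callback. */
static void dev_unregister(struct info *i)
{
    if (--i->dev_refs == 0)
        info_release(i);
}

/* Error path before the fix: after unregistering, it puts and frees again. */
static void err_unregister_buggy(struct info *i)
{
    dev_unregister(i);   /* info_release() already ran here */
    afu_put(i->afu);     /* redundant put: refcount underflows */
    free_minor(i);
    i->frees++;          /* models the redundant kfree(info) */
}

/* Error path after the fix: free the minor, unregister, return. */
static void err_unregister_fixed(struct info *i)
{
    free_minor(i);
    dev_unregister(i);   /* the release callback is the only cleanup */
}

/* Runs one error path; stores the free count, returns remaining AFU refs. */
static int run(void (*path)(struct info *), int *frees)
{
    struct afu a = { .refs = 1 };   /* the one reference held by info */
    struct info i = { .dev_refs = 1, .minor_held = 1, .frees = 0, .afu = &a };
    path(&i);
    *frees = i.frees;
    return a.refs;
}

int main(void)
{
    int f, r;
    r = run(err_unregister_buggy, &f); printf("pre-fix:  frees=%d afu_refs=%d\n", f, r);
    r = run(err_unregister_fixed, &f); printf("post-fix: frees=%d afu_refs=%d\n", f, r);
    return 0;
}
```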
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-54774
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible double free in ocxl_file_register_afu. info_release() will be called in device_unregister() when info->dev's reference count is 0. So there is no need to call ocxl_afu_put() and kfree() again. Fix this by adding free_minor() and return to err_unregister error path.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Double-free in kernel driver enables local memory corruption for privilege escalation (AV:L, high C/I/A impact).
Mitigating Controls (NIST 800-53 r5)
Directly remediates the double free vulnerability in the Linux kernel's ocxl_file_register_afu by applying the specified stable patches to eliminate the flaw.
Identifies systems running vulnerable Linux kernel versions affected by CVE-2022-49455 through vulnerability scanning, enabling timely remediation.
Mitigates potential exploitation of the double free via kernel memory protections such as ASLR and DEP, reducing impacts on confidentiality, integrity, and availability.