Cyber Resilience

CVE-2022-49508

High

Published: 26 February 2025

Published
26 February 2025
Modified
01 October 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 6.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-49508 is a high-severity Double Free (CWE-415) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2022-49508 is a vulnerability in the Linux kernel's HID Elan driver, specifically within the elan_input_configured function. The issue arises because the 'input' resource is allocated using devm_input_allocate_device(), a managed allocation that is automatically freed when the owner device unbinds or binding fails. However, the code explicitly calls input_free_device(), leading to a potential double free, classified under CWE-415.

The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It can be exploited by a local attacker with low privileges, requiring low complexity and no user interaction. Successful exploitation could result in high impacts to confidentiality, integrity, and availability.

Mitigation requires applying upstream patches from Linux kernel stable branches, as detailed in the referenced commits: https://git.kernel.org/stable/c/1af20714fedad238362571620be0bd690ded05b6, https://git.kernel.org/stable/c/24f9dfdaece9bd75bb8dbfdba83eddeefdf7dc47, https://git.kernel.org/stable/c/5291451851feeb66fd4bf0826710f482f3b1ab38, https://git.kernel.org/stable/c/6d0726725c7c560495f5ff364862a2cefea542e3, and https://git.kernel.org/stable/c/8bb1716507ebf12d50bbf181764481de3b6bc7fd. These patches remove the explicit input_free_device() call to prevent the double free.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: HID: elan: Fix potential double free in elan_input_configured 'input' is a managed resource allocated with devm_input_allocate_device(), so there is no need to call input_free_device() explicitly or there will be a…

more

double free. According to the doc of devm_input_allocate_device(): * Managed input devices do not need to be explicitly unregistered or * freed as it will be done automatically when owner device unbinds from * its driver (or binding fails).

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel double-free in HID driver directly enables privilege escalation via memory corruption (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23387Same product: Linux Linux Kernel
CVE-2024-57980Same product: Linux Linux Kernel
CVE-2026-31489Same product: Linux Linux Kernel
CVE-2022-49391Same product: Linux Linux Kernel
CVE-2022-49290Same product: Linux Linux Kernel
CVE-2026-23162Same product: Linux Linux Kernel
CVE-2026-23068Same product: Linux Linux Kernel
CVE-2022-49384Same product: Linux Linux Kernel
CVE-2026-31475Same product: Linux Linux Kernel
CVE-2022-49530Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
4.17 — 4.19.247 · 4.20 — 5.4.198 · 5.5 — 5.10.121

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation directly addresses the double free in the Elan HID driver by requiring timely application of kernel patches to eliminate the vulnerability.

preventdetect

Vulnerability monitoring and scanning identifies CVE-2022-49508 in kernel versions and mandates updates with patches to prevent exploitation.

prevent

Memory protection mechanisms such as kernel address space randomization and freelist protections mitigate exploitation of the double free vulnerability.

References