Cyber Resilience

CVE-2022-49541

High

Published: 26 February 2025

Published
26 February 2025
Modified
01 October 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 5.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-49541 is a high-severity Double Free (CWE-415) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 5.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-49541 is a double-free vulnerability (CWE-415) in the Linux kernel's CIFS (Common Internet File System) implementation. It occurs during a failed mount operation, where improper memory handling can lead to a double free. The affected component is the cifs module within the Linux kernel, with the issue resolved via upstream patches.

A local attacker with low privileges (PR:L) can exploit this vulnerability with low complexity (AC:L) and no user interaction required (UI:N), given local access (AV:L) to the system. Successful exploitation can result in high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), with an unchanged security scope (S:U), potentially allowing arbitrary code execution, denial of service, or data corruption via crafted mount operations. The CVSS v3.1 base score is 7.8 (High).

Mitigation involves applying the relevant upstream Linux kernel stable patches, as detailed in the commit references: 8378a51e3f8140f60901fb27208cc7a6e47047b5, 9a167fc440e5693c1cdd7f07071e05658bd9d89d, ce0008a0e410cdd95f0d8cd81b2902ec10a660c4, and ee71f8f1cd3c8c4a251fd3e8abc89215ae3457cb. Additional details are available in Red Hat Bugzilla entry 2088799. Security practitioners should ensure systems using CIFS mounts are updated to patched kernel versions.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential double free during failed mount RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Double-free in Linux kernel CIFS enables local privilege escalation via crafted mount operations leading to arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23387Same product: Linux Linux Kernel
CVE-2024-57980Same product: Linux Linux Kernel
CVE-2026-31489Same product: Linux Linux Kernel
CVE-2022-49391Same product: Linux Linux Kernel
CVE-2022-49290Same product: Linux Linux Kernel
CVE-2026-23162Same product: Linux Linux Kernel
CVE-2026-23068Same product: Linux Linux Kernel
CVE-2022-49384Same product: Linux Linux Kernel
CVE-2026-31475Same product: Linux Linux Kernel
CVE-2022-49530Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
≤ 5.15.46 · 5.16 — 5.17.14 · 5.18 — 5.18.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 mandates timely identification, reporting, and correction of system flaws, directly addressing the double-free vulnerability in the Linux kernel's CIFS module via upstream patches.

preventdetect

RA-5 requires vulnerability scanning and timely remediation of identified vulnerabilities like CVE-2022-49541 in deployed Linux kernels.

prevent

SI-16 enforces memory protection mechanisms such as ASLR and DEP to mitigate exploitation of the double-free for arbitrary code execution or denial of service.

References