CVE-2022-49651

High

Published: 26 February 2025

Modified: 24 March 2025
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (3.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-49651 is a high-severity Use After Free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 3.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2022-49651 is a use-after-free vulnerability (CWE-416) in the Linux kernel's SRCU (Sleepable Read-Copy Update) implementation. The issue arises in the cleanup_srcu_struct() function, which checks for grace periods in progress but fails to account for grace periods that are needed but not yet started, potentially leading to a use-after-free condition. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and affects Linux kernel versions prior to the application of the relevant fixes.

A local attacker with low privileges can exploit this vulnerability; attack complexity is low and no user interaction is required. Successful exploitation could have a high impact on confidentiality, integrity, and availability, potentially allowing arbitrary code execution, data corruption, or system crashes within the kernel context.

The provided references point to kernel patch commits that resolve the issue: https://git.kernel.org/stable/c/8ed00760203d8018bee042fbfe8e076579be2c2b and https://git.kernel.org/stable/c/e997dda6502eefbc1032d6b0da7b353c53344b07. These patches tighten the grace period checks in cleanup_srcu_struct() by adding validation for needed but unstarted grace periods, preventing the use-after-free. Security practitioners should ensure affected systems receive these stable kernel updates.
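
The difference between the original and the tightened check, as a simplified user-space model. This is an added example, not the kernel's code or the patch itself; the struct, field and function names and the sequence-number layout are assumptions of this model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model; names and bit layout are this example's assumptions. */
#define GP_STATE_MASK 0x3UL  /* low bits: 0 = idle, nonzero = grace period running */
#define GP_CTR_SHIFT  2      /* grace-period counter sits above the state bits */

struct model_srcu {
    unsigned long gp_seq;         /* current grace-period counter plus state bits */
    unsigned long gp_seq_needed;  /* furthest grace period that has been requested */
    bool freed;                   /* set once cleanup has released the structure */
};

static bool gp_in_progress(const struct model_srcu *s) {
    return (s->gp_seq & GP_STATE_MASK) != 0;
}

/* Idle right now, but a later grace period was requested and may start any time. */
static bool gp_needed_not_started(const struct model_srcu *s) {
    return !gp_in_progress(s) && s->gp_seq_needed != s->gp_seq;
}

/* Check as described before the fix: only a running grace period blocks cleanup. */
static bool cleanup_loose(struct model_srcu *s) {
    if (gp_in_progress(s))
        return false;
    s->freed = true;
    return true;
}

/* Tightened check: a requested-but-unstarted grace period also blocks cleanup. */
static bool cleanup_tight(struct model_srcu *s) {
    if (gp_in_progress(s) || gp_needed_not_started(s))
        return false;  /* refuse to free while a grace period is still pending */
    s->freed = true;
    return true;
}

/* Constructed state: idle at grace period 4 while grace period 5 is requested. */
static struct model_srcu pending_state(void) {
    return (struct model_srcu){ 4UL << GP_CTR_SHIFT, 5UL << GP_CTR_SHIFT, false };
}

int main(void) {
    struct model_srcu a = pending_state(), b = pending_state();
    printf("loose check frees: %d\n", cleanup_loose(&a));
    printf("tight check frees: %d\n", cleanup_tight(&b));
    return 0;
}
```

In the model, the loose check frees a structure that a later grace period would still touch, which is the use-after-free window the summary describes; the tight check refuses.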

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

srcu: Tighten cleanup_srcu_struct() GP checks

Currently, cleanup_srcu_struct() checks for a grace period in progress, but it does not check for a grace period that has not yet started but which might start at any time. Such a situation could result in a use-after-free bug, so this commit adds a check for a grace period that is needed but not yet started to cleanup_srcu_struct().

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel use-after-free directly enables exploitation for privilege escalation to root/kernel context with arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23111 (Same product: Linux Linux Kernel)
CVE-2026-31530 (Same product: Linux Linux Kernel)
CVE-2023-52974 (Same product: Linux Linux Kernel)
CVE-2026-43019 (Same product: Linux Linux Kernel)
CVE-2026-23158 (Same product: Linux Linux Kernel)
CVE-2025-21893 (Same product: Linux Linux Kernel)
CVE-2026-31446 (Same product: Linux Linux Kernel)
CVE-2022-49176 (Same product: Linux Linux Kernel)
CVE-2022-49291 (Same product: Linux Linux Kernel)
CVE-2026-31650 (Same product: Linux Linux Kernel)

Affected Assets

linux / linux kernel, versions ≤ 5.18.11

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly addresses the CVE by requiring timely identification, reporting, and patching of the use-after-free flaw in the Linux kernel's SRCU cleanup_srcu_struct() function.

prevent: Implements memory protections such as non-executable memory regions and address space layout randomization that mitigate exploitation of the kernel use-after-free vulnerability.

detect: Enables scanning and monitoring to identify Linux kernel versions vulnerable to CVE-2022-49651, facilitating proactive remediation.
