Cyber Resilience

CVE-2022-49711

High

Published: 26 February 2025
Modified: 21 January 2026
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.6th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-49711 is a high-severity Use After Free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 2.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-49711 is a use-after-free vulnerability in the Linux kernel's fsl-mc-bus subsystem. The flaw occurs in the fsl_mc_bus_remove() function, where mc->root_mc_bus_dev->mc_io is passed to fsl_destroy_mc_io() after mc->root_mc_bus_dev has already been freed by fsl_mc_device_remove(), triggering a KASAN-detected use-after-free condition.

A local attacker with low privileges can exploit this vulnerability, requiring low attack complexity and no user interaction. Exploitation leads to high impacts on confidentiality, integrity, and availability, per the CVSS 3.1 score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), and is associated with CWE-416.

Mitigation patches are available in Linux kernel stable branches via git commits such as 161b68b0a728377aaa10a8e14c70e7734f3c9ff7, 720ab105df7bf3eee62d2bddd41526b29d07d045, 928ea98252ad75118950941683893cf904541da9, and ccd1751092341ac120a961835211f9f2e3735963. These fixes store a reference to mc->root_mc_bus_dev->mc_io in a local variable before freeing the device, preventing the use-after-free. The patch requires rework to apply to kernels older than v5.15.
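
The ordering problem and the fix described above, as an added user-space model in C (not the kernel's code or the actual patch). The model_* names, the static slots and the live flag are assumptions made for illustration; only the call order mirrors the advisory.

```c
#include <stdio.h>
#include <string.h>
/* User-space model only: simplified stand-ins, not the kernel's structures. */
struct model_mc_io { int destroyed; };
struct model_dev   { int live; struct model_mc_io *mc_io; };
struct model_mc    { struct model_dev *root_mc_bus_dev; };
/* Static slots replace kmalloc/kfree so "freed" memory can be checked safely. */
static struct model_dev dev_slot;
static struct model_mc_io io_slot;
static int uaf_reports; /* reads through a released device (KASAN-style count) */
static void model_setup(struct model_mc *mc)
{
    io_slot.destroyed = 0; uaf_reports = 0;
    dev_slot.live = 1; dev_slot.mc_io = &io_slot;
    mc->root_mc_bus_dev = &dev_slot;
}
/* Stands in for fsl_mc_device_remove(): poison the device, mark it released. */
static void model_device_remove(struct model_dev *dev)
{ memset(dev, 0x6b, sizeof(*dev)); dev->live = 0; }
/* Checked read of dev->mc_io: counts and refuses access after release. */
static struct model_mc_io *model_get_mc_io(struct model_dev *dev)
{
    if (!dev->live) { uaf_reports++; return NULL; }
    return dev->mc_io;
}
/* Stands in for fsl_destroy_mc_io(). */
static void model_destroy_mc_io(struct model_mc_io *io) { if (io) io->destroyed = 1; }
/* Pre-fix order: release the device, then read mc_io through it. */
static int model_remove_before_fix(struct model_mc *mc)
{
    model_device_remove(mc->root_mc_bus_dev);
    model_destroy_mc_io(model_get_mc_io(mc->root_mc_bus_dev));
    return uaf_reports;
}
/* Post-fix order: keep mc_io in a local, release the device, destroy mc_io. */
static int model_remove_after_fix(struct model_mc *mc)
{
    struct model_mc_io *mc_io = model_get_mc_io(mc->root_mc_bus_dev);
    model_device_remove(mc->root_mc_bus_dev);
    model_destroy_mc_io(mc_io);
    return uaf_reports;
}

int main(void)
{
    struct model_mc mc;
    model_setup(&mc); printf("before fix: %d\n", model_remove_before_fix(&mc));
    model_setup(&mc); printf("after fix:  %d\n", model_remove_after_fix(&mc));
    return 0;
}
```

In the model, the pre-fix order produces one flagged access and never destroys mc_io, while the post-fix order produces none and destroys it.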

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()

In fsl_mc_bus_remove(), mc->root_mc_bus_dev->mc_io is passed to fsl_destroy_mc_io(). However, mc->root_mc_bus_dev is already freed in fsl_mc_device_remove(). Then reference to mc->root_mc_bus_dev->mc_io triggers KASAN use-after-free. To avoid the use-after-free, keep the reference to mc->root_mc_bus_dev->mc_io in a local variable and pass to fsl_destroy_mc_io().

This patch needs rework to apply to kernels older than v5.15.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel use-after-free enables direct privilege escalation via exploitation of the fsl-mc-bus driver.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23111 · Same product: Linux Linux Kernel
CVE-2026-31530 · Same product: Linux Linux Kernel
CVE-2023-52974 · Same product: Linux Linux Kernel
CVE-2026-43019 · Same product: Linux Linux Kernel
CVE-2026-23158 · Same product: Linux Linux Kernel
CVE-2025-21893 · Same product: Linux Linux Kernel
CVE-2026-31446 · Same product: Linux Linux Kernel
CVE-2022-49176 · Same product: Linux Linux Kernel
CVE-2022-49291 · Same product: Linux Linux Kernel
CVE-2026-31650 · Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
5.19 · 4.8 — 5.10.248 · 5.11 — 5.15.49 · 5.16 — 5.18.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires identification, reporting, and timely remediation of the use-after-free flaw in the Linux kernel's fsl-mc-bus subsystem via available patches.

prevent

Mandates system safeguards to protect against memory-related vulnerabilities such as the use-after-free in fsl_mc_bus_remove().

prevent · detect

Ensures receipt and corrective action on security advisories for CVEs like CVE-2022-49711, enabling patch application to prevent exploitation.
