CVE-2022-49388

HIGH 7.8

ubi: ubi_create_volume: Fix use-after-free when volume creation failed

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: ubi: ubi_create_volume: Fix use-after-free when volume creation failed There is an use-after-free problem for 'eba_tbl' in ubi_create_volume()'s error handling path: ubi_eba_replace_table(vol, eba_tbl) vol->eba_tbl = tbl out_mapping: ubi_eba_destroy_table(eba_tbl) // Free 'eba_tbl' out_unlock: put_device(&vol->dev) vol_release kfree(tbl->entries) // UAF Fix it by removing redundant 'eba_tbl' releasing. Fetch a reproducer in [Link].

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Feb 26, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

493cfaeaa0c9bc0c79ce5751193d49fdac9aaaec < 25ff1e3a1351c0d936dd1ac2f9e58231ea1510c9 493cfaeaa0c9bc0c79ce5751193d49fdac9aaaec < abb67043060f2bf4c03d7c3debb9ae980e2b6db3 493cfaeaa0c9bc0c79ce5751193d49fdac9aaaec < 8302620aeb940f386817321d272b12411ae7d39f 493cfaeaa0c9bc0c79ce5751193d49fdac9aaaec < 6d8d3f68cbecfd31925796f0fb668eb21ab06734 493cfaeaa0c9bc0c79ce5751193d49fdac9aaaec < 5ff2514e4fb55dcf3d88294686040ca73ea0c1a2 493cfaeaa0c9bc0c79ce5751193d49fdac9aaaec < e27ecf325e51abd06aaefba57a6322a46fa4178b 493cfaeaa0c9bc0c79ce5751193d49fdac9aaaec < 1174ab8ba36a48025b68b5ff1085000b1e510217 493cfaeaa0c9bc0c79ce5751193d49fdac9aaaec < 8c03a1c21d72210f81cb369cc528e3fde4b45411

Linux / Linux

4.12

References

NVD ↗ CVE.org ↗ EPSS Data ↗