CVE-2022-49811 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbd_create_device() The drbd_destroy_connection() frees the "connection" so use the _safe() iterator to prevent a use after free.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/7d93417d596402ddd46bd76c721f205d09d0d025
https://git.kernel.org/stable/c/813a8dd9c45fd46f5cbbfbedf0791afa7740ccf5
https://git.kernel.org/stable/c/9ed51414aef6e59e832e2960f10766dce2d5b1a1
https://git.kernel.org/stable/c/a7a1598189228b5007369a9622ccdf587be0730f
https://git.kernel.org/stable/c/bf47ca1b35fc1f55091ffaff5fbe41ea0c6f59a1
https://git.kernel.org/stable/c/c2a00b149836d60c222930bbea6b2139caf34d4f
https://git.kernel.org/stable/c/fc1897f16ebcfd22364f2afcc27f53a740f3bc7a
https://lore.kernel.org/linux-cve-announce/2025050129-CVE-2022-49811-cb0b@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-49811
https://www.cve.org/CVERecord?id=CVE-2022-49811

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00036}`	epss `{'score': 0.00099}`

Fri, 02 May 2025 14:00:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025050129-CVE-2022-49811-cb0b@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-49811 https://www.cve.org/CVERecord?id=CVE-2022-49811
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Thu, 01 May 2025 14:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbd_create_device() The drbd_destroy_connection() frees the "connection" so use the _safe() iterator to prevent a use after free.
Title		drbd: use after free in drbd_create_device()
References		https://git.kernel.org/stable/c/7d93417d596402ddd46bd76c721f205d09d0d025 https://git.kernel.org/stable/c/813a8dd9c45fd46f5cbbfbedf0791afa7740ccf5 https://git.kernel.org/stable/c/9ed51414aef6e59e832e2960f10766dce2d5b1a1 https://git.kernel.org/stable/c/a7a1598189228b5007369a9622ccdf587be0730f https://git.kernel.org/stable/c/bf47ca1b35fc1f55091ffaff5fbe41ea0c6f59a1 https://git.kernel.org/stable/c/c2a00b149836d60c222930bbea6b2139caf34d4f https://git.kernel.org/stable/c/fc1897f16ebcfd22364f2afcc27f53a740f3bc7a

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-05-01T14:09:36.098Z

Updated: 2025-05-04T08:45:51.308Z

Reserved: 2025-05-01T14:05:17.226Z

Link: CVE-2022-49811

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-05-01T15:16:04.450

Modified: 2025-05-02T13:53:20.943

Link: CVE-2022-49811

Redhat

Severity : Moderate

Publid Date: 2025-05-01T00:00:00Z

Links: CVE-2022-49811 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object