{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-48649","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-25T13:44:28.316Z","datePublished":"2024-04-28T13:00:33.390Z","dateUpdated":"2025-05-04T08:20:33.156Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:20:33.156Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slab_common: fix possible double free of kmem_cache\n\nWhen doing slub_debug test, kfence's 'test_memcache_typesafe_by_rcu'\nkunit test case cause a use-after-free error:\n\n BUG: KASAN: use-after-free in kobject_del+0x14/0x30\n Read of size 8 at addr ffff888007679090 by task kunit_try_catch/261\n\n CPU: 1 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.0.0-rc5-next-20220916 #17\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x34/0x48\n print_address_description.constprop.0+0x87/0x2a5\n print_report+0x103/0x1ed\n kasan_report+0xb7/0x140\n kobject_del+0x14/0x30\n kmem_cache_destroy+0x130/0x170\n test_exit+0x1a/0x30\n kunit_try_run_case+0xad/0xc0\n kunit_generic_run_threadfn_adapter+0x26/0x50\n kthread+0x17b/0x1b0\n \n\nThe cause is inside kmem_cache_destroy():\n\nkmem_cache_destroy\n acquire lock/mutex\n shutdown_cache\n schedule_work(kmem_cache_release) (if RCU flag set)\n release lock/mutex\n kmem_cache_release (if RCU flag not set)\n\nIn some certain timing, the scheduled work could be run before\nthe next RCU flag checking, which can then get a wrong value\nand lead to double kmem_cache_release().\n\nFix it by caching the RCU flag inside protected area, just like 'refcnt'"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/slab_common.c"],"versions":[{"version":"357321557920c805de2b14832002465c320eea4f","lessThan":"c673c6ceac53fb2e631c9fbbd79957099a08927f","status":"affected","versionType":"git"},{"version":"0495e337b7039191dfce6e03f5f830454b1fae6b","lessThan":"d71608a877362becdc94191f190902fac1e64d35","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/slab_common.c"],"versions":[{"version":"5.19.8","lessThan":"5.19.12","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19.8","versionEndExcluding":"5.19.12"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c673c6ceac53fb2e631c9fbbd79957099a08927f"},{"url":"https://git.kernel.org/stable/c/d71608a877362becdc94191f190902fac1e64d35"}],"title":"mm/slab_common: fix possible double free of kmem_cache","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T15:17:55.556Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/c673c6ceac53fb2e631c9fbbd79957099a08927f","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/d71608a877362becdc94191f190902fac1e64d35","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2022-48649","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:46:11.220120Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:10.427Z"}}]}}