CVE-2022-49388

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49388
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49388.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49388
Published
2025-02-26T07:01:15Z
Modified
2025-08-09T19:01:27Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

ubi: ubi_create_volume: Fix use-after-free when volume creation failed

There is a use-after-free problem for 'eba_tbl' in ubi_create_volume()'s error handling path:

    ubi_eba_replace_table(vol, eba_tbl)
      vol->eba_tbl = tbl
    out_mapping:
      ubi_eba_destroy_table(eba_tbl)   // Free 'eba_tbl'
    out_unlock:
      put_device(&vol->dev)
        vol_release
          kfree(tbl->entries)          // UAF

Fix it by removing redundant 'eba_tbl' releasing. Fetch a reproducer in [Link].

References

Affected packages