CVE-2022-49995
- Source
- https://cve.org/CVERecord?id=CVE-2022-49995
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49995.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49995
- Downstream
- Related
- Published
- 2025-06-18T11:00:55.352Z
- Modified
- 2026-03-11T08:49:17.472065Z
- Summary
- writeback: avoid use-after-free after removing device
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
writeback: avoid use-after-free after removing device
When a disk is removed, bdiunregister gets called to stop further writeback and wait for associated delayed work to complete. However, wbinodewritebackend() may schedule bandwidth estimation dwork after this has completed, which can result in the timer attempting to access the just freed bdi_writeback.
Fix this by checking if the bdi_writeback is alive, similar to when scheduling writeback work.
Since this requires wb->worklock, and wbinodewritebackend() may get called from interrupt, switch wb->work_lock to an irqsafe lock.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49995.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/9a6c710f3bc10bc9cc23e1c080b53245b7f9d5b7
- https://git.kernel.org/stable/c/f87904c075515f3e1d8f4a7115869d3b914674fd
- https://git.kernel.org/stable/c/f96b9f7c1676923bce871e728bb49c0dfa5013cc
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49995.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-49995
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced45a2966fd64147518dc5bca25f447bd0fb5359acFixedf96b9f7c1676923bce871e728bb49c0dfa5013ccFixed9a6c710f3bc10bc9cc23e1c080b53245b7f9d5b7Fixedf87904c075515f3e1d8f4a7115869d3b914674fd
Affected versions
v5.*
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.19.1
v5.19.2
v5.19.3
v5.19.4
v5.19.5
v6.*
v6.0-rc1
v6.0-rc2
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49995.json"
vanir_signatures
[
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"172802956559911444631636772360623132530",
"105434998560247920973167032514772761421",
"182538955297253185824019447871049287713",
"190551523365016338540372347291626741304",
"301672833718976592263169614209445101772",
"48095921218987765335770027344046258857",
"149262542602272371944312740777376222759",
"53126730932671973385910268266591855302",
"238485591989223101329785126598991505497",
"162975425391151028391772447237458950397",
"79084733343332000968181340153418357992",
"302602051931423563052174189128042485267",
"181461537404584222749144857323764496039",
"222626262030704665528982240059294150416",
"229635266251276932875976790843054626865",
"275291895100794038020406116060231636265",
"114996120086559158160371542760406405641",
"244787180532850936193905812267434507632",
"37446745928633592806476978255302110785",
"39405268808642382662555130059131880544",
"198805531082571931842599603606286892574",
"326297105595053928640713973423533906029",
"180581789908533725141225952890714411612",
"340192633961687279340910816314382595419",
"39914621337022667507201276252539382517"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9a6c710f3bc10bc9cc23e1c080b53245b7f9d5b7",
"signature_type": "Line",
"id": "CVE-2022-49995-16e500a3",
"target": {
"file": "fs/fs-writeback.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "295708622294807031022957434374178325611",
"length": 151.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f96b9f7c1676923bce871e728bb49c0dfa5013cc",
"signature_type": "Function",
"id": "CVE-2022-49995-5c59dae7",
"target": {
"file": "mm/page-writeback.c",
"function": "wb_inode_writeback_end"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"191062155770740242518895102311442504617",
"165457337798560857357901863519320577477",
"335266467517476044200419577212568268686",
"226624762138314131380143602776258520676",
"183790180653739280739349287173895333083",
"287433546290508189238606961008045495017"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f87904c075515f3e1d8f4a7115869d3b914674fd",
"signature_type": "Line",
"id": "CVE-2022-49995-63f0b75c",
"target": {
"file": "mm/page-writeback.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "295708622294807031022957434374178325611",
"length": 151.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f87904c075515f3e1d8f4a7115869d3b914674fd",
"signature_type": "Function",
"id": "CVE-2022-49995-655c2d73",
"target": {
"file": "mm/page-writeback.c",
"function": "wb_inode_writeback_end"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"191062155770740242518895102311442504617",
"165457337798560857357901863519320577477",
"335266467517476044200419577212568268686",
"226624762138314131380143602776258520676",
"26852298400699038909414580257482270475",
"43506959499520332400932764347556104082"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f96b9f7c1676923bce871e728bb49c0dfa5013cc",
"signature_type": "Line",
"id": "CVE-2022-49995-6fe8a45b",
"target": {
"file": "mm/page-writeback.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"14949166180582505327808541696988704186",
"170774870814776582507125447215809073230",
"195744530225389001589474936489865262275",
"313809533719221991775736851189091922553",
"189451276351247248672041438934793358317",
"150887939446397845269255235236848560016",
"62230395531279983750810244588975248981",
"271399799082182745882789429283387704119",
"87684444960006488001168710769884584388",
"145103972376335462231291532014631776050",
"85611158775982829506954253515579238514",
"152081700902944788329464413257958903666",
"77570091670999502416352108517682590868",
"166919243418396548566956283189604434349",
"141845814217972967413351780936086970748",
"64332284691586388287920637812502588406"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f87904c075515f3e1d8f4a7115869d3b914674fd",
"signature_type": "Line",
"id": "CVE-2022-49995-75ac8857",
"target": {
"file": "mm/backing-dev.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "295708622294807031022957434374178325611",
"length": 151.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9a6c710f3bc10bc9cc23e1c080b53245b7f9d5b7",
"signature_type": "Function",
"id": "CVE-2022-49995-820625a6",
"target": {
"file": "mm/page-writeback.c",
"function": "wb_inode_writeback_end"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"14949166180582505327808541696988704186",
"170774870814776582507125447215809073230",
"195744530225389001589474936489865262275",
"313809533719221991775736851189091922553",
"189451276351247248672041438934793358317",
"150887939446397845269255235236848560016",
"62230395531279983750810244588975248981",
"271399799082182745882789429283387704119",
"87684444960006488001168710769884584388",
"145103972376335462231291532014631776050",
"85611158775982829506954253515579238514",
"152081700902944788329464413257958903666",
"77570091670999502416352108517682590868",
"166919243418396548566956283189604434349",
"141845814217972967413351780936086970748",
"64332284691586388287920637812502588406"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f96b9f7c1676923bce871e728bb49c0dfa5013cc",
"signature_type": "Line",
"id": "CVE-2022-49995-9f2a19b7",
"target": {
"file": "mm/backing-dev.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"191062155770740242518895102311442504617",
"165457337798560857357901863519320577477",
"335266467517476044200419577212568268686",
"226624762138314131380143602776258520676",
"183790180653739280739349287173895333083",
"287433546290508189238606961008045495017"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9a6c710f3bc10bc9cc23e1c080b53245b7f9d5b7",
"signature_type": "Line",
"id": "CVE-2022-49995-a21fe89f",
"target": {
"file": "mm/page-writeback.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"172802956559911444631636772360623132530",
"105434998560247920973167032514772761421",
"182538955297253185824019447871049287713",
"190551523365016338540372347291626741304",
"301672833718976592263169614209445101772",
"48095921218987765335770027344046258857",
"149262542602272371944312740777376222759",
"53126730932671973385910268266591855302",
"238485591989223101329785126598991505497",
"162975425391151028391772447237458950397",
"79084733343332000968181340153418357992",
"302602051931423563052174189128042485267",
"181461537404584222749144857323764496039",
"222626262030704665528982240059294150416",
"229635266251276932875976790843054626865",
"275291895100794038020406116060231636265",
"114996120086559158160371542760406405641",
"244787180532850936193905812267434507632",
"37446745928633592806476978255302110785",
"39405268808642382662555130059131880544",
"198805531082571931842599603606286892574",
"326297105595053928640713973423533906029",
"180581789908533725141225952890714411612",
"340192633961687279340910816314382595419",
"39914621337022667507201276252539382517"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f96b9f7c1676923bce871e728bb49c0dfa5013cc",
"signature_type": "Line",
"id": "CVE-2022-49995-a89b731e",
"target": {
"file": "fs/fs-writeback.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"14949166180582505327808541696988704186",
"170774870814776582507125447215809073230",
"195744530225389001589474936489865262275",
"313809533719221991775736851189091922553",
"189451276351247248672041438934793358317",
"150887939446397845269255235236848560016",
"62230395531279983750810244588975248981",
"271399799082182745882789429283387704119",
"87684444960006488001168710769884584388",
"145103972376335462231291532014631776050",
"85611158775982829506954253515579238514",
"152081700902944788329464413257958903666",
"77570091670999502416352108517682590868",
"166919243418396548566956283189604434349",
"141845814217972967413351780936086970748",
"64332284691586388287920637812502588406"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9a6c710f3bc10bc9cc23e1c080b53245b7f9d5b7",
"signature_type": "Line",
"id": "CVE-2022-49995-dd581cf1",
"target": {
"file": "mm/backing-dev.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"172802956559911444631636772360623132530",
"105434998560247920973167032514772761421",
"182538955297253185824019447871049287713",
"190551523365016338540372347291626741304",
"301672833718976592263169614209445101772",
"48095921218987765335770027344046258857",
"149262542602272371944312740777376222759",
"53126730932671973385910268266591855302",
"238485591989223101329785126598991505497",
"162975425391151028391772447237458950397",
"79084733343332000968181340153418357992",
"302602051931423563052174189128042485267",
"181461537404584222749144857323764496039",
"222626262030704665528982240059294150416",
"229635266251276932875976790843054626865",
"275291895100794038020406116060231636265",
"114996120086559158160371542760406405641",
"244787180532850936193905812267434507632",
"37446745928633592806476978255302110785",
"39405268808642382662555130059131880544",
"198805531082571931842599603606286892574",
"326297105595053928640713973423533906029",
"180581789908533725141225952890714411612",
"340192633961687279340910816314382595419",
"39914621337022667507201276252539382517"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f87904c075515f3e1d8f4a7115869d3b914674fd",
"signature_type": "Line",
"id": "CVE-2022-49995-fa72d748",
"target": {
"file": "fs/fs-writeback.c"
}
}
]