CVE-2022-49531

In the Linux kernel, the following vulnerability has been resolved: loop: implement ->free_disk Ensure that the lo_device which is stored in the gendisk private data is valid until the gendisk is freed. Currently the loop driver uses a lot of effort to make sure a device is not freed when it is still in use, but to to fix a potential deadlock this will be relaxed a bit soon.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/aadd1443aae7fe8956e3b11157827067f034406a	Patch
https://git.kernel.org/stable/c/d2c7f56f8b5256d57f9e3fc7794c31361d43bdd9	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

17 Mar 2025, 19:53

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/aadd1443aae7fe8956e3b11157827067f034406a -~~	() https://git.kernel.org/stable/c/aadd1443aae7fe8956e3b11157827067f034406a - Patch
References	~~() https://git.kernel.org/stable/c/d2c7f56f8b5256d57f9e3fc7794c31361d43bdd9 -~~	() https://git.kernel.org/stable/c/d2c7f56f8b5256d57f9e3fc7794c31361d43bdd9 - Patch
CWE		CWE-667
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: loop: implement ->free_disk Asegúrese de que el lo_device que se almacena en los datos privados de gendisk sea válido hasta que se libere el gendisk. Actualmente, el controlador de loop hace un gran esfuerzo para asegurarse de que un dispositivo no se libere cuando todavía está en uso, pero para solucionar un posible bloqueo, esto se relajará un poco pronto.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel::::::::
First Time		Linux Linux linux Kernel

26 Feb 2025, 07:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:01

Updated : 2025-10-01 20:16

NVD link : CVE-2022-49531

Mitre link : CVE-2022-49531

CVE.ORG link : CVE-2022-49531

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-667

Improper Locking

{"id": "CVE-2022-49531", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:01:29.067", "references": [{"url": "https://git.kernel.org/stable/c/aadd1443aae7fe8956e3b11157827067f034406a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d2c7f56f8b5256d57f9e3fc7794c31361d43bdd9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-667"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-667"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nloop: implement ->free_disk\n\nEnsure that the lo_device which is stored in the gendisk private\ndata is valid until the gendisk is freed. Currently the loop driver\nuses a lot of effort to make sure a device is not freed when it is\nstill in use, but to to fix a potential deadlock this will be relaxed\na bit soon."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: loop: implement ->free_disk Aseg\u00farese de que el lo_device que se almacena en los datos privados de gendisk sea v\u00e1lido hasta que se libere el gendisk. Actualmente, el controlador de loop hace un gran esfuerzo para asegurarse de que un dispositivo no se libere cuando todav\u00eda est\u00e1 en uso, pero para solucionar un posible bloqueo, esto se relajar\u00e1 un poco pronto."}], "lastModified": "2025-10-01T20:16:37.313", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3108C4DF-1578-4A9A-ADC7-1128DE921D69", "versionEndExcluding": "5.18.3"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}