CVE-2022-49798

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race where eprobes can be called before the event The flag that tells the event to call its triggers after reading the event is set for eprobes after the eprobe is enabled. This leads to a race where the eprobe may be triggered at the beginning of the event where the record information is NULL. The eprobe then dereferences the NULL record causing a NULL kernel pointer bug. Test for a NULL record to keep this from happening.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/7291dec4f2d17a2d3fd1f789fb41e58476539f21	Patch
https://git.kernel.org/stable/c/73f5191467ffe3af82f27fe0ea6a8c2fac724d3f	Patch
https://git.kernel.org/stable/c/94eedf3dded5fb472ce97bfaf3ac1c6c29c35d26	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc5::::::

History

07 Nov 2025, 19:32

Type	Values Removed	Values Added
CWE		CWE-362
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.7
References	~~() https://git.kernel.org/stable/c/7291dec4f2d17a2d3fd1f789fb41e58476539f21 -~~	() https://git.kernel.org/stable/c/7291dec4f2d17a2d3fd1f789fb41e58476539f21 - Patch
References	~~() https://git.kernel.org/stable/c/73f5191467ffe3af82f27fe0ea6a8c2fac724d3f -~~	() https://git.kernel.org/stable/c/73f5191467ffe3af82f27fe0ea6a8c2fac724d3f - Patch
References	~~() https://git.kernel.org/stable/c/94eedf3dded5fb472ce97bfaf3ac1c6c29c35d26 -~~	() https://git.kernel.org/stable/c/94eedf3dded5fb472ce97bfaf3ac1c6c29c35d26 - Patch
First Time		Linux Linux linux Kernel
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.1:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc4::::::

02 May 2025, 13:53

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: Se corrige la ejecución donde se pueden llamar los eprobes antes del evento. El indicador que indica al evento que llame a sus desencadenadores después de leer el evento se establece para los eprobes después de habilitarlos. Esto provoca una ejecución donde el eprobe puede activarse al inicio del evento cuando la información del registro es nula. El eprobe entonces desreferencia el registro nulo, causando un error de puntero de kernel nulo. Pruebe si hay un registro nulo para evitar que esto suceda.

01 May 2025, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-01 15:16

Updated : 2025-11-07 19:32

NVD link : CVE-2022-49798

Mitre link : CVE-2022-49798

CVE.ORG link : CVE-2022-49798

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

4.7 /10