CVE-2022-49410 – This CVE describes a double-free vulnerability ... (How to Fix)

Q: What is the severity of CVE-2022-49410?

CVE-2022-49410 has a CVSS score of 7.8 (HIGH). This CVE describes a double-free vulnerability in the Linux kernel's tracing subsystem. When create_var_ref() encounters an error during initialization, it can free memory that gets freed again during error handling, potentially leading to memory corruption. This affects all Linux systems using kernel tracing functionality.

📋 TL;DR

This CVE describes a double-free vulnerability in the Linux kernel's tracing subsystem. When create_var_ref() encounters an error during initialization, it can free memory that gets freed again during error handling, potentially leading to memory corruption. This affects all Linux systems using kernel tracing functionality.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific affected versions not specified in CVE, but patches exist for stable branches

Operating Systems: All Linux distributions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when kernel tracing functionality (ftrace) is enabled and used. Many distributions disable or limit tracing by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic, system crash, or potential privilege escalation if an attacker can trigger the double-free and control memory allocation patterns.

🟠

Likely Case

System instability, kernel crashes, or denial of service when tracing operations encounter errors.

🟢

If Mitigated

Minimal impact if tracing functionality is disabled or not used.

🌐 Internet-Facing: LOW - Requires local access to trigger tracing subsystem errors.

🏢 Internal Only: MEDIUM - Local users or processes could potentially trigger this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and ability to trigger specific error conditions in the tracing subsystem. No known public exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in stable kernel versions via commits referenced in CVE

Vendor Advisory: https://git.kernel.org/stable/c/058cb6d86b9789377216c936506b346aaa1eb581

Restart Required: Yes

Instructions:

1. Update to patched kernel version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable kernel tracing

all

Disable ftrace and related tracing functionality to prevent vulnerability trigger

echo 0 > /sys/kernel/debug/tracing/tracing_on
echo nop > /sys/kernel/debug/tracing/current_tracer

🧯 If You Can't Patch

Disable all kernel tracing functionality via sysfs
Restrict access to tracing debugfs interface to privileged users only

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions from distribution vendor. Vulnerable if using unpatched kernel with tracing enabled.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version matches patched version from vendor and test tracing functionality works without crashes.

📡 Detection & Monitoring

Log Indicators:

Kernel oops messages
System crashes during tracing operations
dmesg errors related to memory corruption or double-free

Network Indicators:

None - local vulnerability only

SIEM Query:

Search for kernel panic events or memory corruption errors in system logs

📊 Metadata

CVE ID: CVE-2022-49410

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-415

EPSS Score: 0.04% exploit probability (10.3th percentile)

Published: February 26, 2025

Last Updated: October 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49410, you might also want to check these: