CVE-2022-49465

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's block I/O throttling subsystem (blk-throttle) allows local attackers to potentially crash the system or execute arbitrary code. The vulnerability occurs when a BIO structure is freed while still being marked as throttled, leading to memory corruption. This affects all Linux systems using the affected kernel versions.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel builds that predate the fix commits (specific versions vary by distribution; generally kernels released before the 2022 fix)
Operating Systems: All Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires block I/O throttling to be enabled; many systems have this enabled by default or when using cgroups/blkio controller.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation to root, system crash, or arbitrary code execution leading to complete system compromise.

🟠 Likely Case: System crash or kernel panic causing denial of service, potentially leading to data corruption or loss.

🟢 If Mitigated: Limited impact if proper access controls prevent local user access; container escape possible in containerized environments.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes can trigger the vulnerability; container escape scenarios increase risk in shared environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger block I/O operations; timing-dependent exploitation makes reliable exploitation challenging.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel builds that include commit 047ea38d41d90d748bca812a43339632f52ba715, or a later release that carries it

Vendor Advisory: https://git.kernel.org/stable/c/047ea38d41d90d748bca812a43339632f52ba715

Restart Required: Yes

Instructions:

1. Update the kernel to the patched version from your distribution's repositories.
2. Reboot the system to load the new kernel.
3. Verify that the running kernel version matches the patched release.

🔧 Temporary Workarounds

Disable block I/O throttling (applies to: all)

Temporarily disable the blk-throttle subsystem to prevent exploitation:

for q in /sys/block/*/queue/throttle_enable; do [ -w "$q" ] && echo 0 > "$q"; done

Note: a plain `echo 0 > /sys/block/*/queue/throttle_enable` fails with an ambiguous redirect when more than one device matches, hence the loop. Mainline kernels do not expose a throttle_enable attribute under /sys/block/*/queue; blk-throttle is built in via CONFIG_BLK_DEV_THROTTLING and only acts on devices that have cgroup limits configured (blkio.throttle.* on cgroup v1, io.max on cgroup v2), so clearing those limits, or the next item, is the effective control.

Disable the cgroup blkio controller if in use

🧯 If You Can't Patch

  • Restrict local user access to prevent untrusted users from running code
  • Disable block I/O throttling features and monitor for system stability issues

🔍 How to Verify

Check if Vulnerable:

Run uname -r and compare the running kernel version with your distribution's security advisories

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commit: grep -q '047ea38d41d90d748bca812a43339632f52ba715' /proc/version_signature || echo 'Check kernel source'

Note: /proc/version_signature exists only on Ubuntu kernels and records the package version string, not commit hashes, so the grep above prints 'Check kernel source' on every system. The reliable check is to compare the running version (uname -r) against the release your distribution's advisory lists as fixed, or to confirm the commit in the distribution's kernel changelog or source package.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • KASAN use-after-free reports in dmesg
  • System crashes during I/O operations

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("KASAN" OR "use-after-free" OR "blk-throttle")
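As an added example (not part of this advisory or of the kernel project), a small Python parser that turns KASAN reports in dmesg output into structured records and keeps only those matching this CVE's signature: a use-after-free whose faulting function or call trace lies in blk-throttle. It assumes the standard KASAN report layout (banner line, "BUG: KASAN:" header, access line, call-trace frames); the dmesg lines and function names in SAMPLE_DMESG are constructed for illustration.

```python
import re
# Constructed dmesg excerpt in KASAN report format (sample data, not a real report
# for this CVE); the function names are assumed for illustration only.
SAMPLE_DMESG = """\
[  512.102339] ==================================================================
[  512.102401] BUG: KASAN: use-after-free in throtl_pending_timer_fn+0x1a4/0x3c0
[  512.102455] Read of size 8 at addr ffff888104e2c0a8 by task swapper/1/0
[  512.102522]  dump_stack_lvl+0x57/0x7d
[  512.102601]  throtl_pending_timer_fn+0x1a4/0x3c0
[  512.102640]  call_timer_fn+0x3b/0x160
[  512.102740] ==================================================================
[  777.000001] ==================================================================
[  777.000002] BUG: KASAN: slab-out-of-bounds in unrelated_driver_fn+0x20/0x80
[  777.000003] Write of size 4 at addr ffff888100001000 by task modprobe/2001
[  777.000005]  unrelated_driver_fn+0x20/0x80
[  777.000006] ==================================================================
"""
BUG_RE = re.compile(r"BUG: KASAN: (?P<type>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS_RE = re.compile(r"(Read|Write) of size \d+ at addr \w+ by task (?P<task>\S+)")
FRAME_RE = re.compile(r"\]\s+(?P<func>[A-Za-z_][\w.]*)\+0x")   # call-trace frame
SEPARATOR = "=" * 20                                            # report banner
# blk-throttle symbols carry these prefixes; KASAN prints symbol names, not source
# files, so a search for the literal string "blk-throttle" would miss such reports.
THROTL_PREFIXES = ("throtl_", "blk_throtl_", "__blk_throtl_")

def parse_kasan_reports(dmesg_text):
    """Split dmesg text into reports: bug type, faulting function, task, frames."""
    reports, cur = [], None
    for line in dmesg_text.splitlines():
        if SEPARATOR in line:            # banner opens and closes each report
            cur = None
        elif (m := BUG_RE.search(line)):
            cur = {"type": m["type"], "func": m["func"], "task": None, "frames": []}
            reports.append(cur)
        elif cur is not None:
            if (m := ACCESS_RE.search(line)):
                cur["task"] = m["task"]
            elif (m := FRAME_RE.search(line)):
                cur["frames"].append(m["func"])
    return reports

def is_blk_throttle_report(report):
    """True when the faulting function or any call-trace frame is in blk-throttle."""
    return any(s.startswith(THROTL_PREFIXES) for s in [report["func"], *report["frames"]])

def blk_throttle_uaf_reports(dmesg_text):
    """Reports matching this CVE's signature: a use-after-free inside blk-throttle."""
    return [r for r in parse_kasan_reports(dmesg_text)
            if r["type"] == "use-after-free" and is_blk_throttle_report(r)]
```

Because KASAN reports name kernel symbols rather than source files, the literal term "blk-throttle" in the SIEM query above will not match a report on its own; matching on the throtl_ and blk_throtl_ symbol prefixes does.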
