CVE-2022-49811

drbd: use after free in drbd_create_device()

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbd_create_device() The drbd_destroy_connection() frees the "connection" so use the _safe()
iterator to prevent a use after free.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-05-01 CVE Reserved
2025-05-01 CVE Published
2025-05-01 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/b6f85ef9538b2111a8ba0bbfae9aaebabfc94961	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/fc1897f16ebcfd22364f2afcc27f53a740f3bc7a	2022-11-25
https://git.kernel.org/stable/c/bf47ca1b35fc1f55091ffaff5fbe41ea0c6f59a1	2022-11-25
https://git.kernel.org/stable/c/813a8dd9c45fd46f5cbbfbedf0791afa7740ccf5	2022-11-25
https://git.kernel.org/stable/c/9ed51414aef6e59e832e2960f10766dce2d5b1a1	2022-11-25
https://git.kernel.org/stable/c/7d93417d596402ddd46bd76c721f205d09d0d025	2022-11-26
https://git.kernel.org/stable/c/c2a00b149836d60c222930bbea6b2139caf34d4f	2022-11-26
https://git.kernel.org/stable/c/a7a1598189228b5007369a9622ccdf587be0730f	2022-11-15

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.15 < 4.14.300 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 4.14.300"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.15 < 4.19.267 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 4.19.267"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.15 < 5.4.225 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 5.4.225"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.15 < 5.10.156 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 5.10.156"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.15 < 5.15.80 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 5.15.80"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.15 < 6.0.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 6.0.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.15 < 6.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 6.1"		en		Affected