What is CVE-2022-49489?

CVE-2022-49489 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10, classified as a Use After Free flaw (CWE-416). CVE-2022-49489 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-49489?

CVE-2022-49489 has a CVSS score of 7.8 out of 10, rated High severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Is there a patch available for CVE-2022-49489?

No patch is currently available for CVE-2022-49489. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2022-49489 actively exploited?

CVE-2022-49489 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Use After Free (CWE-416)?

The product references memory after it has been freed, which may cause it to crash, use unexpected values, or execute code. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/416.html

CVE-2022-49489

High

In the Linux kernel, the following vulnerability has been resolved: drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume BUG: Unable to handle kernel paging request at virtual address 006b6b6b6b6b6be3 Call trace: dpu_vbif_init_memtypes+0x40/0xb8 dpu_runtime_resume+0xcc/0x1c0 pm_generic_runtime_resume+0x30/0x44 __genpd_runtime_resume+0x68/0x7c genpd_runtime_resume+0x134/0x258 __rpm_callback+0x98/0x138 rpm_callback+0x30/0x88 rpm_resume+0x36c/0x49c __pm_runtime_resume+0x80/0xb0 dpu_core_irq_uninstall+0x30/0xb0 dpu_irq_uninstall+0x18/0x24 msm_drm_uninit+0xd8/0x16c Patchwork: https://patchwork.freedesktop.org/patch/483255/ [DB: fixed Fixes tag]

Package Linux Kernel

Published 2025-02-26

Last modified 2025-03-24

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

7.8

out of 10

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness type

CWE-416

CVE-2022-49489 is a Use After Free vulnerability

What is Use After Free?

The product references memory after it has been freed, which may cause it to crash, use unexpected values, or execute code. Learn more on MITRE CWE

References

The following references provide additional information about CVE-2022-49489 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/134760263f6441741db0b2970e7face6b34b6d1c
Patch
Kernel patch commit
https://git.kernel.org/stable/c/5b0adf5cbf3b74721e4e4c4e0cadc91b8df8bcc2
Patch
Kernel patch commit
https://git.kernel.org/stable/c/97ac682b6f7d36be5d934f86c9911066540a68f1
Patch

7 patch commits total View all on NVD

Details

CVE ID CVE-2022-49489

Severity High

CVSS score 7.8 / 10

CVSS version 3.1

Published 2025-02-26

Modified 2025-03-24

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2022-49489?

CVE-2022-49489 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10 , classified as an Use After Free flaw (CWE-416) . CVE-2022-49489 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2022-49489?

CVE-2022-49489 has a CVSS score of 7.8 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Is there a patch available for CVE-2022-49489?

No patch is currently available for CVE-2022-49489. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2022-49489 actively exploited?

No — CVE-2022-49489 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Use After Free (CWE-416)?

The product references memory after it has been freed, which may cause it to crash, use unexpected values, or execute code. View CWE-416 on MITRE CWE →