Bug 2347852 (CVE-2022-49410) - CVE-2022-49410 kernel: tracing: Fix potential double free in create_var_ref()
Summary: CVE-2022-49410 kernel: tracing: Fix potential double free in create_var_ref()
Keywords:
Status: NEW
Alias: CVE-2022-49410
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-26 03:09 UTC by OSIDB Bzimport
Modified: 2025-05-05 19:35 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-02-26 03:09:00 UTC 
In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix potential double free in create_var_ref()

In create_var_ref(), init_var_ref() is called to initialize the fields
of variable ref_field, which is allocated in the previous function call
to create_hist_field(). Function init_var_ref() allocates the
corresponding fields such as ref_field->system, but frees these fields
when the function encounters an error. The caller later calls
destroy_hist_field() to conduct error handling, which frees the fields
and the variable itself. This results in double free of the fields which
are already freed in the previous function.

Fix this by storing NULL to the corresponding fields when they are freed
in init_var_ref().
Comment 1 Avinash Hanwate 2025-02-26 14:36:46 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022652-CVE-2022-49410-de6a@gregkh/T
Comment 4 Avinash Hanwate 2025-02-26 18:38:24 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022652-CVE-2022-49410-de6a@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.