CVE-2022-49384

md: fix double free of io_acct_set bioset

Description

In the Linux kernel, the following vulnerability has been resolved: md: fix double free of io_acct_set bioset Now io_acct_set is alloc and free in personality. Remove the codes that free io_acct_set in md_free and md_stop.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/36a2fc44c574a59ee3b5e2cb327182f227b2b07e patch
https://git.kernel.org/stable/c/f99d5b5dc8a42c807b5f1176b925aa45d61962ab patch
https://git.kernel.org/stable/c/ea7d7bd90079d96f9c86bdaf0b106e0cd2a70661 patch
https://git.kernel.org/stable/c/42b805af102471f53e3c7867b8c2b502ea4eef7e patch

Frequently Asked Questions

What is the severity of CVE-2022-49384?
CVE-2022-49384 has been scored as a high severity vulnerability.
How to fix CVE-2022-49384?
To fix CVE-2022-49384, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49384 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49384 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49384?
CVE-2022-49384 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.