CVE-2022-49995

Published: Jun 18, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: writeback: avoid use-after-free after removing device When a disk is removed, bdi_unregister gets called to stop further writeback and wait for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation dwork after this has completed, which can result in the timer attempting to access the just freed bdi_writeback. Fix this by checking if the bdi_writeback is alive, similar to when scheduling writeback work. Since this requires wb->work_lock, and wb_inode_writeback_end() may get called from interrupt, switch wb->work_lock to an irqsafe lock.

Vendor	Product	Versions
Linux	Linux	affected `45a2966fd64147518dc5bca25f447bd0fb5359ac - < f96b9f7c1676923bce871e728bb49c0dfa5013cc` affected `45a2966fd64147518dc5bca25f447bd0fb5359ac - < 9a6c710f3bc10bc9cc23e1c080b53245b7f9d5b7` affected `45a2966fd64147518dc5bca25f447bd0fb5359ac - < f87904c075515f3e1d8f4a7115869d3b914674fd`
Linux	Linux	affected `5.15` unaffected `0 - < 5.15` unaffected `5.15.64 - <= 5.15.` unaffected `5.19.6 - <= 5.19.` unaffected `6.0 - <= *`

References

https://git.kernel.org/stable/c/f96b9f7c1676923bce871e728bb49c0dfa5013cc

https://git.kernel.org/stable/c/9a6c710f3bc10bc9cc23e1c080b53245b7f9d5b7

https://git.kernel.org/stable/c/f87904c075515f3e1d8f4a7115869d3b914674fd

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-49995

Description

Affected Products

References