{
  "threat_severity" : "Important",
  "public_date" : "2025-02-26T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: cifs: fix potential double free during failed mount",
    "id" : "2348119",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2348119"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-415",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ncifs: fix potential double free during failed mount\nRHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799", "A flaw was found in the Linux kernel's CIFS code in which a failed mount might lead to a double-free. An attacker with permissions to attempt to mount CIFS volumes could exploit this vulnerability to corrupt kernel memory, leading to a denial of service, altered system memory, or an escalation of privileges." ],
  "statement" : "This flaw results from a missing check in the kernel's CIFS mounting code which can lead to the same pointer being freed twice when there is an error mounting the volume. An attacker could exploit this vulnerability to corrupt or alter system memory or execute arbitrary code with elevated privileges.\nNote that this vulnerability was fixed in previous errata:\nRHSA-2022:5819 for Red Hat Enterprise Linux 8.6 EUS\nRHSA-2022:7683 for Red Hat Enterprise Linux 8.7-8.10\nRHSA-2023:2458 for Red Hat Enterprise Linux 9.2 and later.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-08-03T00:00:00Z",
    "advisory" : "RHSA-2022:5819",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-372.19.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-11-08T00:00:00Z",
    "advisory" : "RHSA-2022:7683",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-425.3.1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-04-14T00:00:00Z",
    "advisory" : "RHSA-2025:3838",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "kernel-0:5.14.0-70.130.1.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-04-14T00:00:00Z",
    "advisory" : "RHSA-2025:3839",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv",
    "package" : "kernel-rt-0:5.14.0-70.130.1.rt21.202.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-04-16T00:00:00Z",
    "advisory" : "RHSA-2025:3961",
    "cpe" : "cpe:/o:redhat:rhel_e4s:9.0",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "release_date" : "2022-08-03T00:00:00Z",
    "advisory" : "RHSA-2022:5819",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
    "package" : "kernel-0:4.18.0-372.19.1.el8_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-49541\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49541\nhttps://lore.kernel.org/linux-cve-announce/2025022614-CVE-2022-49541-7460@gregkh/T" ],
  "name" : "CVE-2022-49541",
  "mitigation" : {
    "value" : "Red Hat has investigated whether a possible mitigation exists for this issue and has not been able to identify a practical one. Please update the affected package as soon as possible.",
    "lang" : "en:us"
  },
  "csaw" : false
}