Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-49798

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race where eprobes can be called before the event The flag that tells the event to call its triggers after reading the event is set for eprobes after the eprobe is enabled. This leads to a race where the eprobe may be triggered at the beginning of the event where the record information is NULL. The eprobe then dereferences the NULL record causing a NULL kernel pointer bug. Test for a NULL record to keep this from happening.

Published

2025-05-01T15:16:03.097

Last Modified

2025-11-07T19:32:58.330

Status

Analyzed

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Severity

CVSSv3.1: 4.7 (MEDIUM)

Weaknesses

Type: Primary
CWE-362

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 5.15.80	Yes
Operating System	linux	linux_kernel	< 6.0.10	Yes
Operating System	linux	linux_kernel	6.1	Yes
Operating System	linux	linux_kernel	6.1	Yes
Operating System	linux	linux_kernel	6.1	Yes
Operating System	linux	linux_kernel	6.1	Yes
Operating System	linux	linux_kernel	6.1	Yes

References

https://git.kernel.org/stable/c/7291dec4f2d17a2d3fd1f789fb41e58476539f21 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/73f5191467ffe3af82f27fe0ea6a8c2fac724d3f Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/94eedf3dded5fb472ce97bfaf3ac1c6c29c35d26 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)