CVE-2022-48666: Use-after-free in the Linux kernel SCSI core
In the Linux kernel, the following vulnerability has been resolved:

scsi: core: Fix a use-after-free

There are two .exit_cmd_priv implementations. Both implementations use resources associated with the SCSI host. Make sure that these resources are still available when .exit_cmd_priv is called by waiting inside scsi_remove_host() until the tag set has been freed. This commit fixes the following use-after-free:

==================================================================
BUG: KASAN: use-after-free in srp_exit_cmd_priv+0x27/0xd0 [ib_srp]
Read of size 8 at addr ffff888100337000 by task multipathd/16727
Call Trace:
 <TASK>
 dump_stack_lvl+0x34/0x44
 print_report.cold+0x5e/0x5db
 kasan_report+0xab/0x120
 srp_exit_cmd_priv+0x27/0xd0 [ib_srp]
 scsi_mq_exit_request+0x4d/0x70
 blk_mq_free_rqs+0x143/0x410
 __blk_mq_free_map_and_rqs+0x6e/0x100
 blk_mq_free_tag_set+0x2b/0x160
 scsi_host_dev_release+0xf3/0x1a0
 device_release+0x54/0xe0
 kobject_put+0xa5/0x120
 device_release+0x54/0xe0
 kobject_put+0xa5/0x120
 scsi_device_dev_release_usercontext+0x4c1/0x4e0
 execute_in_process_context+0x23/0x90
 device_release+0x54/0xe0
 kobject_put+0xa5/0x120
 scsi_disk_release+0x3f/0x50
 device_release+0x54/0xe0
 kobject_put+0xa5/0x120
 disk_release+0x17f/0x1b0
 device_release+0x54/0xe0
 kobject_put+0xa5/0x120
 dm_put_table_device+0xa3/0x160 [dm_mod]
 dm_put_device+0xd0/0x140 [dm_mod]
 free_priority_group+0xd8/0x110 [dm_multipath]
 free_multipath+0x94/0xe0 [dm_multipath]
 dm_table_destroy+0xa2/0x1e0 [dm_mod]
 __dm_destroy+0x196/0x350 [dm_mod]
 dev_remove+0x10c/0x160 [dm_mod]
 ctl_ioctl+0x2c2/0x590 [dm_mod]
 dm_ctl_ioctl+0x5/0x10 [dm_mod]
 __x64_sys_ioctl+0xb4/0xf0
 dm_ctl_ioctl+0x5/0x10 [dm_mod]
 __x64_sys_ioctl+0xb4/0xf0
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
AI Analysis
Technical Summary
CVE-2022-48666 is a use-after-free (CWE-416) in the Linux kernel's SCSI core, in the path that tears down a SCSI host. A low-level driver can supply an .exit_cmd_priv callback, which the block layer invokes for every request when the host's blk-mq tag set is freed; the two in-tree implementations both read driver state that belongs to the SCSI host. Before the fix, the tag set was freed from scsi_host_dev_release(), that is only when the last reference to the host object was dropped, and every scsi_device (and anything pinning one, such as a dm-multipath table) holds such a reference. scsi_remove_host() itself returned immediately, so the driver went on to release its per-host state while the tag set, and with it the .exit_cmd_priv calls, could still be freed much later by whoever dropped the last reference. The KASAN report above shows exactly that sequence: multipathd's DM_DEV_REMOVE ioctl (ctl_ioctl -> dev_remove -> dm_put_device) releases the scsi_disk and scsi_device, the release cascades into scsi_host_dev_release -> blk_mq_free_tag_set -> scsi_mq_exit_request, and srp_exit_cmd_priv in the ib_srp module (the SCSI RDMA Protocol initiator) reads 8 bytes from memory that was already freed. The fix makes scsi_remove_host() wait until the tag set has been freed, so the callbacks run while the driver's resources are still alive. The kernel CNA record starts the affected range at commit 65ca846a53149a1a72cd8d02e7b2e73dd545b834, which introduced the .init_cmd_priv/.exit_cmd_priv callbacks; kernels from that commit up to the one carrying the fix are affected. The CVSS v3.1 base score is 7.4 (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Read the PR:N component against the trace: the only trigger the report shows is a device-mapper control ioctl, which requires CAP_SYS_ADMIN, racing with a SCSI host removal, which is a driver or administrator event (for example an SRP target going away). In practice this is a kernel crash or memory corruption during storage teardown, not a primitive an unprivileged local user can reach on demand; the confidentiality and integrity ratings reflect what a kernel use-after-free could allow in principle. No exploit is reported in the wild.
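To make the ordering concrete, here is an added, constructed C model (not kernel code and not the upstream patch) of the teardown sequence the trace shows. It assumes a host with a four-request tag set, one scsi_device pinned by a dm-multipath table, and a driver remove path that frees its private state as soon as scsi_remove_host() returns; the reference count, the pending-work loop that stands in for the kernel's wait, and the driver_priv fields are the model's own simplifications, not the kernel's data structures. With the old ordering the exit callbacks run after the driver state is gone; with the fixed ordering they run inside scsi_remove_host(), before the driver frees anything.

```c
#include <stdbool.h>
#include <stdio.h>

/*
 * Constructed model of the teardown-ordering bug behind CVE-2022-48666.
 * The names mirror the kernel's, but this is not kernel code: "freed" state
 * is tracked with a flag rather than free(), so a bad access is counted
 * instead of being undefined behaviour.
 */

#define NR_REQUESTS 4    /* requests in the tag set; each gets one exit callback */

/* Driver-owned state that .exit_cmd_priv reads (the kind of thing ib_srp keeps per target). */
struct driver_priv {
    bool alive;          /* false once the driver has torn it down */
    int  channel;        /* some field the callback reads */
};

/* The parts of a SCSI host this model needs (a simplification, not struct Scsi_Host). */
struct scsi_host {
    struct driver_priv *priv;
    int  refcnt;         /* host's own reference plus one per pinned scsi_device */
    bool tagset_freed;   /* set once the tag set has been freed (a completion in the kernel) */
    int  pending_puts;   /* references another context will drop later (multipathd's DM_DEV_REMOVE) */
    int  bad_accesses;   /* exit callbacks that ran on dead driver state: what KASAN reported */
};

/* .exit_cmd_priv: invoked once per request while the tag set is being freed. */
static void srp_exit_cmd_priv(struct scsi_host *shost)
{
    if (!shost->priv->alive) {   /* this is the use-after-free; KASAN flags the read */
        shost->bad_accesses++;
        return;
    }
    (void)shost->priv->channel;  /* the legitimate read of live driver state */
}

/* blk_mq_free_tag_set -> scsi_mq_exit_request -> .exit_cmd_priv for every request, then signal. */
static void scsi_mq_free_tags(struct scsi_host *shost)
{
    for (int i = 0; i < NR_REQUESTS; i++)
        srp_exit_cmd_priv(shost);
    shost->tagset_freed = true;
}

/* Drop one reference; the last one frees the tag set (scsi_host_dev_release in the old code). */
static void scsi_host_put(struct scsi_host *shost)
{
    if (--shost->refcnt == 0)
        scsi_mq_free_tags(shost);
}

/* Another context (multipathd removing its dm table) drops the references it holds. */
static void run_deferred_puts(struct scsi_host *shost)
{
    while (shost->pending_puts > 0) {
        shost->pending_puts--;
        scsi_host_put(shost);
    }
}

/* Before the fix: drop the host's reference and return, whether or not the tag set is gone. */
static void scsi_remove_host_old(struct scsi_host *shost)
{
    scsi_host_put(shost);
}

/*
 * After the fix: same reference drop, but do not return until the tag set has
 * actually been freed. The kernel sleeps until another context completes the
 * wait; this single-threaded model stands that in by running the other
 * context's pending work while "waiting". The kernel waits indefinitely; the
 * pending_puts guard only keeps the model from spinning if nothing is pending.
 */
static void scsi_remove_host_fixed(struct scsi_host *shost)
{
    scsi_host_put(shost);
    while (!shost->tagset_freed && shost->pending_puts > 0)
        run_deferred_puts(shost);
}

/* One full teardown in the given order; returns how many exit callbacks saw dead driver state. */
int run_teardown(bool fixed)
{
    struct driver_priv priv = { .alive = true, .channel = 7 };
    struct scsi_host shost = {
        .priv = &priv,
        .refcnt = 2,        /* the host itself + one scsi_device pinned by a dm-multipath table */
        .pending_puts = 1,  /* that device reference is released later, by multipathd */
    };

    /* Driver remove path (assumed ordering): remove the host, then free private state. */
    if (fixed)
        scsi_remove_host_fixed(&shost);
    else
        scsi_remove_host_old(&shost);
    priv.alive = false;     /* driver frees the per-target state the callback reads */

    /* Later: multipathd's DM_DEV_REMOVE ioctl drops the last reference, which frees the tag set. */
    run_deferred_puts(&shost);
    return shost.bad_accesses;
}

int main(void)
{
    printf("old scsi_remove_host():   %d exit callbacks ran on freed state\n", run_teardown(false));
    printf("fixed scsi_remove_host(): %d exit callbacks ran on freed state\n", run_teardown(true));
    return 0;
}
```

The point the model isolates is that the fix does not change who frees the tag set or when the callbacks run relative to it; it changes when scsi_remove_host() returns, so that the driver's own cleanup, which follows that return, cannot get ahead of the callbacks that still need the driver's state.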
Potential Impact
The systems at risk are Linux servers whose storage stack tears down SCSI hosts while dm-multipath maps still reference the underlying devices, which is the common shape in European enterprise and data-centre estates using SAN or RDMA (SRP) attached storage with multipath for redundancy. The use-after-free sits in a kernel release path, so the realistic outcome is a kernel crash or memory corruption during storage reconfiguration or failover, that is loss of availability of the host and every workload on it. Confidentiality and integrity impact are possible in principle for a use-after-free in kernel context, which is what the CVSS vector records, but no exploit is reported and the report shows nothing beyond the crash. The trigger path visible in the trace is privileged: removing a dm map goes through the device-mapper control ioctl, which is root-only, and the host removal is a driver or administrator event such as an SRP target disappearing. For sectors with strict uptime and data-protection obligations (finance, healthcare, telecommunications, government) this is therefore a stability and hardening issue rather than an avenue for an unprivileged local user, but given how widely Linux and multipath are deployed across European infrastructure, unpatched hosts that routinely add and remove SCSI hosts will eventually hit it.
Mitigation Recommendations
Patch first: move to a kernel that carries the scsi: core fix (scsi_remove_host() waiting until the tag set has been freed), either an upstream release that includes it or a distribution kernel whose changelog references CVE-2022-48666. Check the running kernel (uname -r) against the distribution's security tracker rather than the upstream version alone, since enterprise kernels backport fixes without changing the major version. While unpatched, avoid the race rather than the privilege: quiesce and remove multipath maps (multipath -f for a single map, dmsetup remove) before removing or resetting the SCSI host beneath them, not the other way round, and do not let automation hot-remove SRP or other SCSI hosts on systems where dm tables may still reference their devices. KASAN is a debugging sanitizer for test kernels, not a production hardening option: use it in pre-production to surface this class of lifetime bug, and on production systems alert on oopses whose trace passes through scsi_host_dev_release, blk_mq_free_tag_set or a driver's exit_cmd_priv (srp_exit_cmd_priv in the report). Access to the device-mapper control device is already restricted to root; keep it that way and limit who can run multipathd and dmsetup administration. Keep backups and failover plans current, since the failure mode is a host crash during storage teardown.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-25T13:44:28.320Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED
Threat ID: 682d982ec4522896dcbe5e1d
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 7/3/2025, 3:11:31 AM
Last updated: 8/15/2025, 10:46:01 AM