{"id":"CVE-2022-49651","summary":"srcu: Tighten cleanup_srcu_struct() GP checks","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nsrcu: Tighten cleanup_srcu_struct() GP checks\n\nCurrently, cleanup_srcu_struct() checks for a grace period in progress,\nbut it does not check for a grace period that has not yet started but\nwhich might start at any time.  Such a situation could result in a\nuse-after-free bug, so this commit adds a check for a grace period that\nis needed but not yet started to cleanup_srcu_struct().","modified":"2026-05-15T11:53:40.397890463Z","published":"2025-02-26T02:23:53.496Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49651.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/8ed00760203d8018bee042fbfe8e076579be2c2b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e997dda6502eefbc1032d6b0da7b353c53344b07"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49651.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49651"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.12.0"},{"fixed":"5.18.11"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49651.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}