Wiz
Vulnerability DatabaseCVE-2022-1184

CVE-2022-1184
Linux Kernel vulnerability analysis and mitigation

Overview

A use-after-free vulnerability (CVE-2022-1184) was discovered in the Linux kernel's filesystem sub-component, specifically in the fs/ext4/namei.c:dxinsertblock() function. The vulnerability was reported in March 2022 and affects various Linux distributions including Debian, Ubuntu, and Red Hat Enterprise Linux (Debian Security, Ubuntu Security, Red Hat CVE).

Technical details

The vulnerability exists in the ext4 filesystem driver implementation where a use-after-free condition occurs in the dxinsertblock() function. When triggered, the flaw can lead to memory corruption and system crashes, particularly after the bug is triggered multiple times. The issue has a CVSS 3 Severity Score of 5.5 (Medium) (Ubuntu Security).

Impact

The vulnerability allows a local attacker with user privileges to cause a denial of service through system crashes or memory corruption. When exploited, it could potentially lead to privilege escalation. The most significant impact is on systems where users are permitted to mount arbitrary filesystems (Debian Security).

Mitigation and workarounds

The vulnerability has been fixed in various Linux distributions through security updates. Debian fixed it in version 5.10.149-1 for the stable distribution (bullseye), Ubuntu addressed it in multiple kernel versions including 5.15.0-60.66 for 22.04 LTS, and Red Hat Enterprise Linux released fixes through several security advisories (Debian Security, Ubuntu Security).

Additional resources

SourceThis report was generated using AI

Related Linux Kernel vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-40258HIGH7
  • Linux KernelLinux Kernel
  • kernel-zfcpdump-devel-matched
NoNoDec 04, 2025
CVE-2025-40259MEDIUM6.2
  • Linux KernelLinux Kernel
  • kernel-64k-devel
NoNoDec 04, 2025
CVE-2025-40264MEDIUM5.5
  • Linux KernelLinux Kernel
  • kernel-rt-64k-debug-kvm
NoNoDec 04, 2025
CVE-2025-40254MEDIUM5.5
  • Linux KernelLinux Kernel
  • kernel-modules-partner
NoNoDec 04, 2025
CVE-2025-40253MEDIUM5.5
  • Linux KernelLinux Kernel
  • python3-perf
NoNoDec 04, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo