CVE-2022-49531: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49531 affects the Linux kernel's loop driver implementation. The vulnerability was disclosed in February 2025 and involves the handling of loop device (lodevice) data stored in the gendisk private data structure. The issue relates to ensuring the validity of lodevice until the gendisk is freed (NVD, Ubuntu).

The vulnerability stems from the loop driver's implementation of disk freeing operations. Previously, the driver employed extensive measures to prevent device freeing while in use, but this approach needed modification to address a potential deadlock. The fix involved implementing a ->freedisk operation to ensure proper handling of the lodevice stored in the gendisk private data (Kernel Commit).

The vulnerability could potentially lead to memory safety issues when the loop device is being freed while still in use. This could affect systems utilizing loop devices for mounting filesystem images (NVD).

The issue has been resolved through a kernel patch that implements the ->freedisk operation in the loop driver. The fix ensures proper handling of the lodevice data structure during cleanup operations. The patch has been integrated into various Linux distributions, including Ubuntu, where it affects multiple kernel versions (Ubuntu).