CVE-2022-50492

EPSS 0.03%
Veröffentlicht 04.10.2025 15:43:45
Zuletzt bearbeitet 23.01.2026 20:43:01
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

drm/msm: fix use-after-free on probe deferral

The bridge counter was never reset when tearing down the DRM device so
that stale pointers to deallocated structures would be accessed on the
next tear down (e.g. after a second late bind deferral).

Given enough bridges and a few probe deferrals this could currently also
lead to data beyond the bridge array being corrupted.

Patchwork: https://patchwork.freedesktop.org/patch/502665/

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.12 < 6.0.7

Linux ≫ Linux Kernel Version6.1 Updaterc1

Linux ≫ Linux Kernel Version6.1 Updaterc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.061

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/0a30a47741b6df1f9555a0fac6aebb7e8c363bad

Patch

https://git.kernel.org/stable/c/6808abdb33bf90330e70a687d29f038507e06ebb

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-50492

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50492

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50492

EUVD