CVE-2022-50240Use After Free in Linux

CWE-416Use After Free5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 95.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 15

Description

In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA Do not record a pointer to a VMA outside of the mmap_lock for later use. This is unsafe and there are a number of failure paths *after* the recorded VMA pointer may be freed during setup. There is no callback to the driver to clear the saved pointer from generic mm code. Furthermore, the VMA pointer may become stale if any number of VMA operations end up freeing the VMA so savi

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel4.205.4.224+4
Debianlinux/linux_kernel< 5.10.158-1+3
CVEListV5linux/linuxdd2283f2605e3b3e9c61bcae844b34f2afa4813f27a594bc7a7c8238d239e3cdbcf2edfa3bbe9a1b+6
debiandebian/linux< linux 5.19.6-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2022-50240: In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA Do not record a pointer to a VMA2025-09-15
GHSA
GHSA-4cpm-89f2-8grm: In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc->vma in race with munmap() In commit 720c24192404 ("AND2025-09-15

📋Vendor Advisories

2
Red Hat
kernel: binder: fix UAF of alloc->vma in race with munmap()2025-09-15
Debian
CVE-2022-50240: linux - In the Linux kernel, the following vulnerability has been resolved: android: bi...2022
CVE-2022-50240 — Use After Free in Linux | cvebase